cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

956
Views
50
Helpful
1
Replies
Highlighted
Cisco Employee

Netsim: getting "No supported host key algorithms" when trying to connect

Hi

This isn't actually a question, just a helpful tip in case you run into this.

The Problem

If you have just upgraded your OS and made a local install of NSO you might be running into issues when setting up netsim devices. You will see something like this:

...
result failed
info Failed to connect to device foo0: No supported host key algorithms

When for example trying to do a sync-from.

The problem is that OpenSSH changed the default file format of the host key files from PEM to their own format in version 7.8. The netsim is not able to read the new format, and so it will fail to read the generated host key. Which, in turn, means that when NSO tries to connect to the netsim device it will not have any host keys, and thus fail. Note: this particular issue is only relevant with netsim devices, never real ones (if you are having problems connecting to your real devices it is because of something else).

How to verify that this is the problem you are having

Try these two commands:

head -1 $NCS_DIR/etc/ncs/ssh/ssh_host_rsa_key
head -1 $NCS_DIR/netsim/confd/etc/confd/ssh/ssh_host_rsa_key

If you see:

-----BEGIN OPENSSH PRIVATE KEY-----

then you have the problem. See below for how to fix it. However, if you see:

-----BEGIN RSA PRIVATE KEY-----

then everything is okay (well, if you are having problems connecting to your netsim device it is because of something else:-)

The Fix

You need to regenerate your ssh keys (well technically you could keep them, if you change the format of them - but it is easier to just regenerate the keys), here is how:

ssh-keygen -m PEM -t rsa -f $NCS_DIR/etc/ncs/ssh/ssh_host_rsa_key -N ''
ssh-keygen -m PEM -t rsa -f $NCS_DIR/netsim/confd/etc/confd/ssh/ssh_host_rsa_key -N ''

Note: make sure you run these commands as the same user as you installed NSO with (i.e. if you installed as root, run as root, if you installed as fred run as user fred). When prompted, say "y" to overwrite the existing files. After regenerating the key files you need to re-create your netsim devices (and restart NSO if you have it running).

If you for some reason need to keep your netsim devices / don't want to re-create them, you can copy the new key files to your netsim directory. For example, if you have your netsim directory as ./netsim (and are running a bourne like shell) then you could:

rm -f ./netsim/*/*/ssh/ssh_host_rsa_key*
for d in ./netsim/*/*/ssh ; do cp $NCS_DIR/netsim/confd/etc/confd/ssh/ssh_host_rsa_key* $d ; done

Don't forget to restart your netsim devices for the change to take effect.

 

Hope that helps someone :-)

/Sebastian

Everyone's tags (2)
1 REPLY 1
Beginner

Re: Netsim: getting "No supported host key algorithms" when trying to connect

Pfew took me a while to find this, but it worked!