Netsim: getting "No supported host key algorithms" when trying to connect
This isn't actually a question, just a helpful tip in case you run into this.
If you have just upgraded your OS and made a local install of NSO you might be running into issues when setting up netsim devices. You will see something like this:
info Failed to connect to device foo0: No supported host key algorithms
When for example trying to do a sync-from.
The problem is that OpenSSH changed the default file format of the host key files from PEM to their own format in version 7.8. The netsim is not able to read the new format, and so it will fail to read the generated host key. Which, in turn, means that when NSO tries to connect to the netsim device it will not have any host keys, and thus fail. Note: this particular issue is only relevant with netsim devices, never real ones (if you are having problems connecting to your real devices it is because of something else).
How to verify that this is the problem you are having
Try these two commands:
head -1 $NCS_DIR/etc/ncs/ssh/ssh_host_rsa_key
head -1 $NCS_DIR/netsim/confd/etc/confd/ssh/ssh_host_rsa_key
If you see:
-----BEGIN OPENSSH PRIVATE KEY-----
then you have the problem. See below for how to fix it. However, if you see:
-----BEGIN RSA PRIVATE KEY-----
then everything is okay (well, if you are having problems connecting to your netsim device it is because of something else:-)
You need to regenerate your ssh keys (well technically you could keep them, if you change the format of them - but it is easier to just regenerate the keys), here is how:
Note: make sure you run these commands as the same user as you installed NSO with (i.e. if you installed as root, run as root, if you installed as fred run as user fred). When prompted, say "y" to overwrite the existing files. After regenerating the key files you need to re-create your netsim devices (and restart NSO if you have it running).
If you for some reason need to keep your netsim devices / don't want to re-create them, you can copy the new key files to your netsim directory. For example, if you have your netsim directory as ./netsim (and are running a bourne like shell) then you could:
rm -f ./netsim/*/*/ssh/ssh_host_rsa_key*
for d in ./netsim/*/*/ssh ; do cp $NCS_DIR/netsim/confd/etc/confd/ssh/ssh_host_rsa_key* $d ; done
Don't forget to restart your netsim devices for the change to take effect.
NSO has had support for Junos devices pretty much since day one. The classical Junos NED is NETCONF based, but Juniper did not originally provide any YANG files, so the Tail-f team built a complex machinery to translate Juniper’s XML Schema Description (X...
Fredrik Jansson, Principal Engineer & John Mullooly, Distinguished Architect, SalesIn the first half of this lab, we build a k8s deployment of NSO from the ground up. We will start packaging NSO in a docker container, from there we will graduall...