Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3679
Views
10
Helpful
1
Replies

NSO RESTCONF Sync-From fails with NEDCOM CONNECT : Authenticate Error

Scott.ODonnell@gmail.com
Level 1
Level 1

‎09-27-2022 06:09 AM

All, 

I'm working through the RESTCONF API to get a device added, fetch-keys and sync-from.

My device add and fetch keys API calls are working

I'm attempting to invoke a sync-from on a deployed dev-csr device but it's failing

The sync-from works via ncs_cli without issue.

When attempting it from RESTCONF API I get the following JSON response

{
"tailf-ncs:output": {
        "result": false,
         "info": "Failed to connect to device dev-csr: connection refused: NEDCOM CONNECT: Authenticate: Exhausted available         
          authentication methods. Server allowed: [ publickey keyboard-interactive password ] in new state"
  }
}
 
Am I incorrect to think any authentication parameters for the NED would be defined by the authgroup configured and appear to be working properly when I sync-from using CLI?
Any direction on troubleshooting this please.
-Scott
 
Labels:
0 Helpful
1 Reply 1

radioman
Spotlight
Spotlight

‎10-02-2022 08:37 PM

Hi Scoot

Looks a bit like a problem I ran across last year, do you see log lines like this on the CSR ?

RP/0/RP0/CPU0:Apr 8 14:07:12.995 CEST: SSHD_[1297]: %SECURITY-SSHD-6-INFO_GENERAL : Incoming SSH session rate limit exceeded

If that is the case you are doing the fetch-keys and sync-from too fast, and are hitting the default rate-limit of 1 connection pr. second on the device. eg. have a look at this manual:

https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r5-3/security/command/reference/b-syssec-cr-53xcrs/b-syssec-cr-53xcrs_chapter_01000.html#wp1423655881

You could try to increase "ssh server rate-limit" to eg. 180 or insert some delay in your code.

br.

Kristoffer Laresn

Polls
AI-powered tools for network troubleshooting are likely to be part of everyone’s workflow sooner or later. What is the single biggest challenge or concern you see with adopting these tools in your organization?
Show Choices
Hide Choices
Customers Also Viewed These Support Documents