cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2593
Views
10
Helpful
1
Replies

NSO RESTCONF Sync-From fails with NEDCOM CONNECT : Authenticate Error

All, 

I'm working through the RESTCONF API to get a device added, fetch-keys and sync-from.

My device add and fetch keys API calls are working

I'm attempting to invoke a sync-from on a deployed dev-csr device but it's failing

The sync-from works via ncs_cli without issue.

When attempting it from RESTCONF API I get the following JSON response

{
"tailf-ncs:output": {
        "result": false,
         "info": "Failed to connect to device dev-csr: connection refused: NEDCOM CONNECT: Authenticate: Exhausted available         
          authentication methods. Server allowed: [ publickey keyboard-interactive password ] in new state"
  }
}
 
Am I incorrect to think any authentication parameters for the NED would be defined by the authgroup configured and appear to be working properly when I sync-from using CLI?
Any direction on troubleshooting this please.
-Scott
 
1 Reply 1

radioman
Spotlight
Spotlight

Hi Scoot

Looks a bit like a problem I ran across last year, do you see log lines like this on the CSR ?

RP/0/RP0/CPU0:Apr 8 14:07:12.995 CEST: SSHD_[1297]: %SECURITY-SSHD-6-INFO_GENERAL : Incoming SSH session rate limit exceeded

If that is the case you are doing the fetch-keys and sync-from too fast, and are hitting the default rate-limit of 1 connection pr. second on the device. eg. have a look at this manual:

https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r5-3/security/command/reference/b-syssec-cr-53xcrs/b-syssec-cr-53xcrs_chapter_01000.html#wp1423655881

You could try to increase "ssh server rate-limit" to eg. 180 or insert some delay in your code.

br.

Kristoffer Laresn