ssh fetch-host-keys failed

sm000x · ‎11-21-2024

Hi,

I am facing a strange issue that I need help.

For some of the network devices in my lab, I cannot do ssh fetch-host-keys:
admin@mtnjdslncs08> request devices device the_host ssh fetch-host-keys
result failed
info Failed to connect to device the_host: closed
[ok][2024-11-21 16:04:27]
admin@mtnjdslncs08>

However, I am able to ssh to that device with no issue.

I use "ssh-keyscan the_host" to get the key then manually add to CDB:
admin@mtnjdslncs08% set devices device the_host ssh host-key ssh-rsa the_key

then I am able to do sync-from:
admin@mtnjdslncs08> request devices device the_host sync-from
result true
[ok][2024-11-21 15:50:08]
admin@mtnjdslncs08>

Can anyone help to see why "ssh fetch-host-keys" fails?

THX
sm000x

cohult · ‎11-21-2024

Hi, When you use ssh-keyscan, do you use the same port that NSO is configured to use?

sm000x · ‎11-22-2024

Hi, Cohult:

When I use ssh-keyscan, I did not give the port, only the address.

As for the banner issue I posted before, that issue only occurs on sync-from, not fetch-host-key.

Thank you

sm000x

sm000x · ‎11-22-2024

Hi, Cohult:

Sorry. I should have provide more information.

/ncs:devices/device has address 192.168.112.26 and port 22.

Both

ssh-keyscan 192.168.112.26

ssh-keyscan -p 22 192.168.112.26

got the same results.

but fetch-host-keys fails.

THX

sm000x

sm000x · ‎11-22-2024

Hi, Cohult:

When I use ssh-keyscan, I did not give the port, only the address.
As for the banner issue I posted before, that issue only occurs on sync-from, not fetch-host-key.

Thank you
sm000x

cohult · ‎11-23-2024

I suggest you do a ssh-keyscan -vvv 192.168.112.26 and create a ticket with the output describing the fetch-host-keys issue.
The NSO SSH client seems incompatible with the SSH server, while the OpenSSH ssh-keyscan client is.

sm000x · ‎11-24-2024

Hi, Cohult:

Thank you very much for the suggestion. I will do -vvv.

Thank you

sm000x