Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
889
Views
0
Helpful
2
Replies

SSH key mismatch

dciprus
Cisco Employee
Cisco Employee

‎01-19-2023 06:52 AM - edited ‎01-19-2023 07:00 AM

After the upgrade of NSO and NED we're seeing this error from time to time when trying to communicate with devices.

NCS 5.7.8, NED: cisco-iosxr-cli-7.43.5

Obviously after disconnecting, connecting again and fetching keys, things are back to normal however issue seems to re-appear again after some time. Clues ? Ideas ?
Thanks !

admin@ncs# show devices device DC*********-CS**-****01 active-settings 
active-settings connect-timeout 20
active-settings read-timeout 300
active-settings write-timeout 600
active-settings ssh-keep-alive interval 20
active-settings ssh-keep-alive count 3
active-settings ssh-algorithms public-key [ ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 rsa-sha2-512 rsa-sha2-256 ]
active-settings ssh-algorithms kex [ curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 curve448-sha512 ecdh-sha2-nistp521 diffie-hellman-group15-sha512 diffie-hellman-group16-sha512 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1 ]
active-settings ssh-algorithms mac [ AEAD_AES_128_GCM AEAD_AES_256_GCM hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-256 hmac-sha1 ]
active-settings ssh-algorithms cipher [ aes128-gcm@openssh.com AEAD_AES_128_GCM chacha20-poly1305@openssh.com aes256-gcm@openssh.com AEAD_AES_256_GCM aes128-ctr aes192-ctr aes256-ctr ]
active-settings ssh-algorithms compression [ none zlib zlib@openssh.com ]
active-settings ssh-algorithms dh-group min-size 1024
active-settings ssh-algorithms dh-group preferred-size 2048
active-settings ssh-algorithms dh-group max-size 8192
active-settings ned-keep-alive count 3
active-settings connect-retries attempts 0
active-settings connect-retries timeout 3
active-settings trace        false
active-settings trace-output file
active-settings ned-settings use-junos-rollback false
active-settings commit-queue enabled-by-default false
active-settings session-limits max-sessions unlimited
active-settings session-pool idle-time 30
active-settings no-overwrite enabled-by-default false
active-settings lsa no-overwrite enabled-by-default false
active-settings out-of-sync-commit-behaviour reject
admin@ncs#
1 person had this problem
Labels:
0 Helpful
2 Replies 2

rogaglia
Cisco Employee
Cisco Employee

‎01-19-2023 08:11 AM

Hi, when you say that it fixes by fetching the keys, are these different keys or replacing the old keys with the same information?

 

0 Helpful

Nabsch
Spotlight
Spotlight

‎01-25-2023 12:33 AM

Hi,

 

Which error message did you get ? Which NSO version you were using before the upgrade?

Here a link that might help you 

0 Helpful
Customers Also Viewed These Support Documents