Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

236
Views
10
Helpful
5
Replies
afajri
afajri Cisco Employee
Cisco Employee
‎12-12-2019 10:09 AM
‎12-12-2019 10:09 AM

SSH toward NSO error: no hostkey alg

We are using NSO 5.3

 

When ssh to NSO by using OpenSSH_5.3, I got following error:

[username@localhost ~]$ ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
[afajri@sjc-obs-linux15 ~]$ ssh username@nso -p 2024
no hostkey alg

ssh config in /etc/ncs/ncs.conf

  <ssh>
    <algorithms>
      <kex>diffie-hellman-group14-sha1</kex>
      <mac>hmac-sha2-512,hmac-sha2-256,hmac-sha1</mac>
      <encryption>aes128-ctr,aes192-ctr,aes256-ctr</encryption>
    </algorithms>
  </ssh>

question: how to support elder version of SSH client?

 

0 Helpful
Reply
2 ACCEPTED SOLUTIONS

Accepted Solutions
afajri
afajri Cisco Employee
Cisco Employee
‎01-07-2020 09:06 AM
‎01-07-2020 09:06 AM

Re: SSH toward NSO error: no hostkey alg

I followed the steps on the @lmanor's response, it doesnt solved the problem.

I downgraded to NSO 5.2.1, and it works. the issue is seen on NSO 5.3

View solution in original post

0 Helpful
Reply
lmanor
lmanor Cisco Employee
Cisco Employee
‎01-07-2020 09:16 AM
‎01-07-2020 09:16 AM

Re: SSH toward NSO error: no hostkey alg

From NSO 5.2.1 to 5.3 the built-in SSH server supportsssh-ed25519 host keys and the default SSH host key algorithm has changed to ssh-ed25519 (instead of previous ssh-rsa).

OpenSSH client must be greater than version 6.5 to support this algorithm.

 

From NSO CHANGES file:

- ncs: NSO's built in SSH server now supports ssh-ed25519 host and user
keys. NSO now also supports ssh-ed25519 host keys for NETCONF NED
connections.
- ncs: NSO's default configuration, in the ncs.conf file written by the
installer, for SSH host keys is now "ssh-ed25519" instead of the
previous "ssh-rsa". To be able to connect to the built-in SSH server,
the SSH client therefore must have support for "ssh-ed25519" as host key
algorithm when the default configuration is in effect.
This means OpenSSH is now required to be version 6.5 or later, and the
python library paramiko, used by netconf-console, is required to be
version 2.2 or later.

 

 

View solution in original post

0 Helpful
Reply
5 REPLIES 5
frjansso
frjansso Cisco Employee
Cisco Employee
‎12-16-2019 02:21 AM
‎12-16-2019 02:21 AM

Re: SSH toward NSO error: no hostkey alg

Hey,

Please see "man ncs.conf" for the allowed settings. ssh -vv is also your friend as you can compare what the server offers vs what the client offers.
Reply
lmanor
lmanor Cisco Employee
Cisco Employee
‎12-16-2019 07:36 AM
‎12-16-2019 07:36 AM

Re: SSH toward NSO error: no hostkey alg

 

See this discussion for related info:

 

https://community.cisco.com/t5/nso-developer-hub-discussions/netsim-getting-quot-no-supported-host-key-algorithms-quot-when/td-p/3843412

Reply
afajri
afajri Cisco Employee
Cisco Employee
‎01-07-2020 09:06 AM
‎01-07-2020 09:06 AM

Re: SSH toward NSO error: no hostkey alg

I followed the steps on the @lmanor's response, it doesnt solved the problem.

I downgraded to NSO 5.2.1, and it works. the issue is seen on NSO 5.3

View solution in original post

0 Helpful
Reply
lmanor
lmanor Cisco Employee
Cisco Employee
‎01-07-2020 09:16 AM
‎01-07-2020 09:16 AM

Re: SSH toward NSO error: no hostkey alg

From NSO 5.2.1 to 5.3 the built-in SSH server supportsssh-ed25519 host keys and the default SSH host key algorithm has changed to ssh-ed25519 (instead of previous ssh-rsa).

OpenSSH client must be greater than version 6.5 to support this algorithm.

 

From NSO CHANGES file:

- ncs: NSO's built in SSH server now supports ssh-ed25519 host and user
keys. NSO now also supports ssh-ed25519 host keys for NETCONF NED
connections.
- ncs: NSO's default configuration, in the ncs.conf file written by the
installer, for SSH host keys is now "ssh-ed25519" instead of the
previous "ssh-rsa". To be able to connect to the built-in SSH server,
the SSH client therefore must have support for "ssh-ed25519" as host key
algorithm when the default configuration is in effect.
This means OpenSSH is now required to be version 6.5 or later, and the
python library paramiko, used by netconf-console, is required to be
version 2.2 or later.

 

 

View solution in original post

0 Helpful
Reply
afajri
afajri Cisco Employee
Cisco Employee
‎01-07-2020 09:22 AM
‎01-07-2020 09:22 AM

Re: SSH toward NSO error: no hostkey alg

thanks for the explanation, @lmanor 

0 Helpful
Reply
Latest Contents
NSO and Network Management Datastore Architecture (NMDA)
Created by Akira Iwamoto on 01-20-2020 03:25 AM
0
5
0
5
NSO as the sample implementation of new technologyAbout Network Management Datastore ArchitectureDatastores defined in RFC 6020 / 6241Additions by RFC 8342 (NMDA)startup/candidate/runningintended datastoreoperational state datastoreNMDA with NSONETCONF he... view more
cisco-staros-cli-5.22 - nso 4.2.1
Created by afajri on 01-08-2020 02:14 PM
3
0
3
0
Hi Expert,  I got this error when I try to sync-from from one of my device: anthony@ncs# devices device mv-lab sync-from result false info External error in the NED implementation for device mv-lab: read timeout after 20 seconds, blocked on "\r\n" w... view more
A big Thank You and a Happy Holiday!
Created by Nicklas Wagerth on 12-23-2019 02:51 AM
1
10
1
10
For many of us, it is time to celebrate Christmas, Hanukkah, Kwanzaa, the Winter Solstice, or just the New Year. Regardless, if you celebrate any of these festivities it means time off and we get some extra time to spend with family and friends while we r... view more
Developer Days-US 2019 presentations with quick links!
Created by Nicklas Wagerth on 12-16-2019 03:28 AM
0
0
0
0
Here is a summary of the Developer Days content with quick links   NSO State of the Union, Fredrik Lundberg, Dir. Strategy & Planning, NSO  Workflow vs NSO Service vs Nano Service, Viktor Leijon, Technical Leader, NSO A Breakneck Journe... view more
NSO Developer Days US 2019: NSO 5.x Migration
Created by Nicklas Wagerth on 12-16-2019 03:19 AM
0
0
0
0
Martin Akerstrom, NSO Solutions Architect
CreatePlease to create content
Discussion
Blog
Document
Video
Related Content
Blogs
Documents
Events
Videos