
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2019 10:09 AM - edited 12-12-2019 10:10 AM
We are using NSO 5.3
When ssh to NSO by using OpenSSH_5.3, I got following error:
[username@localhost ~]$ ssh -V OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 [afajri@sjc-obs-linux15 ~]$ ssh username@nso -p 2024 no hostkey alg
ssh config in /etc/ncs/ncs.conf
<ssh> <algorithms> <kex>diffie-hellman-group14-sha1</kex> <mac>hmac-sha2-512,hmac-sha2-256,hmac-sha1</mac> <encryption>aes128-ctr,aes192-ctr,aes256-ctr</encryption> </algorithms> </ssh>
question: how to support elder version of SSH client?
Solved! Go to Solution.
- Labels:
-
Other NSO Topics
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2020 09:06 AM
I followed the steps on the @lmanor's response, it doesnt solved the problem.
I downgraded to NSO 5.2.1, and it works. the issue is seen on NSO 5.3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2020 09:16 AM
From NSO 5.2.1 to 5.3 the built-in SSH server supportsssh-ed25519 host keys and the default SSH host key algorithm has changed to ssh-ed25519 (instead of previous ssh-rsa).
OpenSSH client must be greater than version 6.5 to support this algorithm.
From NSO CHANGES file:
- ncs: NSO's built in SSH server now supports ssh-ed25519 host and user
keys. NSO now also supports ssh-ed25519 host keys for NETCONF NED
connections.
- ncs: NSO's default configuration, in the ncs.conf file written by the
installer, for SSH host keys is now "ssh-ed25519" instead of the
previous "ssh-rsa". To be able to connect to the built-in SSH server,
the SSH client therefore must have support for "ssh-ed25519" as host key
algorithm when the default configuration is in effect.
This means OpenSSH is now required to be version 6.5 or later, and the
python library paramiko, used by netconf-console, is required to be
version 2.2 or later.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2019 02:21 AM
Please see "man ncs.conf" for the allowed settings. ssh -vv is also your friend as you can compare what the server offers vs what the client offers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-16-2019 07:36 AM
See this discussion for related info:

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2020 09:06 AM
I followed the steps on the @lmanor's response, it doesnt solved the problem.
I downgraded to NSO 5.2.1, and it works. the issue is seen on NSO 5.3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2020 09:16 AM
From NSO 5.2.1 to 5.3 the built-in SSH server supportsssh-ed25519 host keys and the default SSH host key algorithm has changed to ssh-ed25519 (instead of previous ssh-rsa).
OpenSSH client must be greater than version 6.5 to support this algorithm.
From NSO CHANGES file:
- ncs: NSO's built in SSH server now supports ssh-ed25519 host and user
keys. NSO now also supports ssh-ed25519 host keys for NETCONF NED
connections.
- ncs: NSO's default configuration, in the ncs.conf file written by the
installer, for SSH host keys is now "ssh-ed25519" instead of the
previous "ssh-rsa". To be able to connect to the built-in SSH server,
the SSH client therefore must have support for "ssh-ed25519" as host key
algorithm when the default configuration is in effect.
This means OpenSSH is now required to be version 6.5 or later, and the
python library paramiko, used by netconf-console, is required to be
version 2.2 or later.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2020 09:22 AM
thanks for the explanation, @lmanor
