cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1382
Views
10
Helpful
4
Replies

syntax error: "missing_aes256cfb128_settings" is not a valid value.

sphoredd
Cisco Employee
Cisco Employee

Hi,

I am using NSO 5.3,  trying to add a new authgroup for testing. I am getting following error with remote-password

syntax error: "missing_aes256cfb128_settings" is not a valid value.

Could someone help me to fix this error?

1 Accepted Solution

Accepted Solutions

vleijon
Cisco Employee
Cisco Employee

You need to add the AES256 keys to ncs.conf:

   <AES256CFB128>
      <key>0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef</key>
    </AES256CFB128>

View solution in original post

4 Replies 4

vleijon
Cisco Employee
Cisco Employee

You need to add the AES256 keys to ncs.conf:

   <AES256CFB128>
      <key>0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef</key>
    </AES256CFB128>

It worked. Thanks.

 

 

vleijon, 

 

Please help with a different flavor of the same problem! 

NSO restart failed on my upgrade from 5.2.3 to 5.4.2, with the same message:  missing_aes256cfb128_settings

But, this LSA install uses the external-keys command, so I can't just add an explicit new key directly to ncs.conf. 

 

I can't find any documentation on ncs_crypto_keys.  since this is an upgrade, I'm concerned about making the CDB unreadable if I regenerate any existing keys.  


The NSO v5.4.2 Installation doc says this, but this is not enough info to act on.  
     "Optionally, if you use the external command feature, make sure that you add an AES256CFB128_KEY to the output.
     One way of generating such a key is: openssl rand -hex 32."

 

thanks in advance -

First of all, when adding a new encryption method, you will not have any values encrypted with it in the old database, so it is fine whatever the new key is as long as it remains stable.

You will have to modify your external keys commands to supply the new value.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the NSO Developer community: