Client Automation - Deploy Linux Agent - Unexpected TELNET prompt

book

Article ID: 184117

calendar_today

Updated On:

Products

CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Software Delivery CA Client Automation - Remote Control

Issue/Introduction

Deployment to ITCM Agent to Linux machine fails with error

Delivery Failed - Unexpected TELNET prompt.





In TRC_CF_DMDEPLOY_*.log there are following error :

DmDeploy |ssh2.cpp |000079|DETAIL | SSH2 Client
DmDeploy |ssh2.cpp |000080|DETAIL | ================

DmDeploy |cssh2transport.cpp |002373|DETAIL | csshtransport: successfully opened IPv4 socket
DmDeploy |cssh2transport.cpp |001690|DETAIL | received SSH_MSG_KEXINIT
DmDeploy |cssh2msgkexinit.cpp |000262|DETAIL | Created Kex Init Message
DmDeploy |cssh2msgkexinit.cpp |000263|DETAIL | curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
DmDeploy |cssh2msgkexinit.cpp |000264|DETAIL | ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
DmDeploy |cssh2msgkexinit.cpp |000265|DETAIL | aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected],[email protected]
DmDeploy |cssh2msgkexinit.cpp |000266|DETAIL | aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected],[email protected]
DmDeploy |cssh2msgkexinit.cpp |000267|DETAIL | [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
DmDeploy |cssh2msgkexinit.cpp |000268|DETAIL | [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
DmDeploy |cssh2msgkexinit.cpp |000269|DETAIL | none,[email protected]
DmDeploy |cssh2msgkexinit.cpp |000270|DETAIL | none,[email protected]
DmDeploy |cssh2msgkexinit.cpp |000271|DETAIL | 
DmDeploy |cssh2msgkexinit.cpp |000272|DETAIL | 
DmDeploy |cssh2transport.cpp |001697|DETAIL | Server supported DH key exchange Algorithms = curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
DmDeploy |cssh2transport.cpp |001704|DETAIL | Client side DH key exchange Algorithms = diffie-hellman-group14-sha1
DmDeploy |cssh2transport.cpp |000682|DETAIL | DH Key Exchange Algorithm Group Type = diffie-hellman-group14-sha1
DmDeploy |cssh2msgkexinit.cpp |000526|DETAIL | Created Kex Init Message
DmDeploy |cssh2msgkexinit.cpp |000527|DETAIL | diffie-hellman-group14-sha1
DmDeploy |cssh2msgkexinit.cpp |000528|DETAIL | ssh-rsa
DmDeploy |cssh2msgkexinit.cpp |000529|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000530|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000531|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000532|DETAIL | hmac-sha1
DmDeploy |cssh2msgkexinit.cpp |000533|DETAIL | hmac-sha1
DmDeploy |cssh2msgkexinit.cpp |000534|DETAIL | none
DmDeploy |cssh2msgkexinit.cpp |000535|DETAIL | none
DmDeploy |cssh2msgkexinit.cpp |000536|DETAIL | 
DmDeploy |cssh2msgkexinit.cpp |000537|DETAIL | 
DmDeploy |cssh2msgkexinit.cpp |000385|DETAIL | Created Kex Init Message
DmDeploy |cssh2msgkexinit.cpp |000386|DETAIL | diffie-hellman-group14-sha1
DmDeploy |cssh2msgkexinit.cpp |000387|DETAIL | ssh-rsa
DmDeploy |cssh2msgkexinit.cpp |000388|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000389|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000390|DETAIL | hmac-sha1
DmDeploy |cssh2msgkexinit.cpp |000391|DETAIL | hmac-sha1
DmDeploy |cssh2msgkexinit.cpp |000392|DETAIL | none
DmDeploy |cssh2msgkexinit.cpp |000393|DETAIL | none
DmDeploy |cssh2msgkexinit.cpp |000394|DETAIL | 
DmDeploy |cssh2msgkexinit.cpp |000395|DETAIL | 
DmDeploy |cssh2transport.cpp |002885|DETAIL | CAPKI LibInit Mode <0>
DmDeploy |cssh2transport.cpp |000734|DETAIL | Start generating dh parameters.
DmDeploy |cssh2transport.cpp |000761|DETAIL | dh parameters length 268.
DmDeploy |cssh2transport.cpp |000791|DETAIL | Finished generating dh parameters - pubval length 256.
DmDeploy |cssh2transport.cpp |000795|DETAIL | m_pCKexDHInitMsg->GetPayloadLen() 262
DmDeploy |cssh2transport.cpp |002705|DETAIL | connection gone -1/-853/0
DmDeploy |cssh2transport.cpp |002058|DETAIL | failed calling ReceiveBytes(1)
DmDeploy |cssh2transport.cpp |000818|DETAIL | failed calling ReceiveBinaryPacket()
DmDeploy |cssh2transport.cpp |001712|DETAIL | failed calling PerformKeyExchange()
DmDeploy |cssh2transport.cpp |000420|DETAIL | failed calling ReceiveBinaryPacket()
DmDeploy |ssh2.cpp |000097|DETAIL | Failed to connect to SSH2 Server. - -1


On Linux machine following error could be seen :

in /var/log/secure
Feb 28 22:24:54 JY-RH77 sshd[3456]: Unable to negotiate with 192.168.220.198 port 54104: no matching cipher found. Their offer: 3des-cbc [preauth]

or

Feb 28 23:03:41 JY-RH77 sshd[3149]: Unable to negotiate with 192.168.220.198 port 54290: no matching MAC found. Their offer: hmac-sha1 [preauth]

or

Mar 11 11:53:42 JY-RH77 sshd[14432]: Unable to negotiate with 192.168.220.193 port 56889: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]


 
This problem could also occurs on AIX machine. In /var/log/authlog
Error is :
Unable to connect to remote machine
 
 

Environment

Release : 14.0 all versions

Component : Client Automation

Resolution

On Linux machine ;

1- Edit file /etc/ssh/sshd_config and 


* add 3des-cbc in the cipher list (if Ciphers parameter is set)
Example :
Ciphers aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected],[email protected],3des-cbc


* add hmac-sha1 in the MACs list (if MACs parameter is set)
Example :




* add diffie-hellman-group1-sha1 in the KexAlgorithms list (if KexAlgorithms parameter is set)
Example :
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1




2- Restart ssh server :

sudo systemctl stop sshd
sudo systemctl start sshd


 

On AIX Machine :

1- Edit file /etc/ssh/sshd_config (see above)
 
2- Restart ssh server
 
stopsrc -s sshd
startsrc -s sshd
 

Attachments