Client Automation - Deploy Linux Agent - Unexpected TELNET prompt
Issue/Introduction:
Deployment to ITCM Agent to Linux machine fails with error
Delivery Failed - Unexpected TELNET prompt.
In TRC_CF_DMDEPLOY_*.log there are following error :
DmDeploy |ssh2.cpp |000079|DETAIL | SSH2 Client
DmDeploy |ssh2.cpp |000080|DETAIL | ================
DmDeploy |cssh2transport.cpp |002373|DETAIL | csshtransport: successfully opened IPv4 socket
DmDeploy |cssh2transport.cpp |001690|DETAIL | received SSH_MSG_KEXINIT
DmDeploy |cssh2msgkexinit.cpp |000262|DETAIL | Created Kex Init Message
DmDeploy |cssh2msgkexinit.cpp |000263|DETAIL | curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
DmDeploy |cssh2msgkexinit.cpp |000264|DETAIL | ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
DmDeploy |cssh2msgkexinit.cpp |000265|DETAIL | aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected],[email protected]
DmDeploy |cssh2msgkexinit.cpp |000266|DETAIL | aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected],[email protected]
DmDeploy |cssh2msgkexinit.cpp |000267|DETAIL | [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
DmDeploy |cssh2msgkexinit.cpp |000268|DETAIL | [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
DmDeploy |cssh2msgkexinit.cpp |000269|DETAIL | none,[email protected]
DmDeploy |cssh2msgkexinit.cpp |000270|DETAIL | none,[email protected]
DmDeploy |cssh2msgkexinit.cpp |000271|DETAIL |
DmDeploy |cssh2msgkexinit.cpp |000272|DETAIL |
DmDeploy |cssh2transport.cpp |001697|DETAIL | Server supported DH key exchange Algorithms = curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
DmDeploy |cssh2transport.cpp |001704|DETAIL | Client side DH key exchange Algorithms = diffie-hellman-group14-sha1
DmDeploy |cssh2transport.cpp |000682|DETAIL | DH Key Exchange Algorithm Group Type = diffie-hellman-group14-sha1
DmDeploy |cssh2msgkexinit.cpp |000526|DETAIL | Created Kex Init Message
DmDeploy |cssh2msgkexinit.cpp |000527|DETAIL | diffie-hellman-group14-sha1
DmDeploy |cssh2msgkexinit.cpp |000528|DETAIL | ssh-rsa
DmDeploy |cssh2msgkexinit.cpp |000529|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000530|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000531|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000532|DETAIL | hmac-sha1
DmDeploy |cssh2msgkexinit.cpp |000533|DETAIL | hmac-sha1
DmDeploy |cssh2msgkexinit.cpp |000534|DETAIL | none
DmDeploy |cssh2msgkexinit.cpp |000535|DETAIL | none
DmDeploy |cssh2msgkexinit.cpp |000536|DETAIL |
DmDeploy |cssh2msgkexinit.cpp |000537|DETAIL |
DmDeploy |cssh2msgkexinit.cpp |000385|DETAIL | Created Kex Init Message
DmDeploy |cssh2msgkexinit.cpp |000386|DETAIL | diffie-hellman-group14-sha1
DmDeploy |cssh2msgkexinit.cpp |000387|DETAIL | ssh-rsa
DmDeploy |cssh2msgkexinit.cpp |000388|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000389|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000390|DETAIL | hmac-sha1
DmDeploy |cssh2msgkexinit.cpp |000391|DETAIL | hmac-sha1
DmDeploy |cssh2msgkexinit.cpp |000392|DETAIL | none
DmDeploy |cssh2msgkexinit.cpp |000393|DETAIL | none
DmDeploy |cssh2msgkexinit.cpp |000394|DETAIL |
DmDeploy |cssh2msgkexinit.cpp |000395|DETAIL |
DmDeploy |cssh2transport.cpp |002885|DETAIL | CAPKI LibInit Mode <0>
DmDeploy |cssh2transport.cpp |000734|DETAIL | Start generating dh parameters.
DmDeploy |cssh2transport.cpp |000761|DETAIL | dh parameters length 268.
DmDeploy |cssh2transport.cpp |000791|DETAIL | Finished generating dh parameters - pubval length 256.
DmDeploy |cssh2transport.cpp |000795|DETAIL | m_pCKexDHInitMsg->GetPayloadLen() 262
DmDeploy |cssh2transport.cpp |002705|DETAIL | connection gone -1/-853/0
DmDeploy |cssh2transport.cpp |002058|DETAIL | failed calling ReceiveBytes(1)
DmDeploy |cssh2transport.cpp |000818|DETAIL | failed calling ReceiveBinaryPacket()
DmDeploy |cssh2transport.cpp |001712|DETAIL | failed calling PerformKeyExchange()
DmDeploy |cssh2transport.cpp |000420|DETAIL | failed calling ReceiveBinaryPacket()
DmDeploy |ssh2.cpp |000097|DETAIL | Failed to connect to SSH2 Server. - -1
On Linux machine following error could be seen :
in /var/log/secure
Feb 28 22:24:54 JY-RH77 sshd[3456]: Unable to negotiate with 192.168.220.198 port 54104: no matching cipher found. Their offer: 3des-cbc [preauth]
or
Feb 28 23:03:41 JY-RH77 sshd[3149]: Unable to negotiate with 192.168.220.198 port 54290: no matching MAC found. Their offer: hmac-sha1 [preauth]
or
Mar 11 11:53:42 JY-RH77 sshd[14432]: Unable to negotiate with 192.168.220.193 port 56889: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Delivery Failed - Unexpected TELNET prompt.
In TRC_CF_DMDEPLOY_*.log there are following error :
DmDeploy |ssh2.cpp |000079|DETAIL | SSH2 Client
DmDeploy |ssh2.cpp |000080|DETAIL | ================
DmDeploy |cssh2transport.cpp |002373|DETAIL | csshtransport: successfully opened IPv4 socket
DmDeploy |cssh2transport.cpp |001690|DETAIL | received SSH_MSG_KEXINIT
DmDeploy |cssh2msgkexinit.cpp |000262|DETAIL | Created Kex Init Message
DmDeploy |cssh2msgkexinit.cpp |000263|DETAIL | curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
DmDeploy |cssh2msgkexinit.cpp |000264|DETAIL | ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
DmDeploy |cssh2msgkexinit.cpp |000265|DETAIL | aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected],[email protected]
DmDeploy |cssh2msgkexinit.cpp |000266|DETAIL | aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected],[email protected]
DmDeploy |cssh2msgkexinit.cpp |000267|DETAIL | [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
DmDeploy |cssh2msgkexinit.cpp |000268|DETAIL | [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
DmDeploy |cssh2msgkexinit.cpp |000269|DETAIL | none,[email protected]
DmDeploy |cssh2msgkexinit.cpp |000270|DETAIL | none,[email protected]
DmDeploy |cssh2msgkexinit.cpp |000271|DETAIL |
DmDeploy |cssh2msgkexinit.cpp |000272|DETAIL |
DmDeploy |cssh2transport.cpp |001697|DETAIL | Server supported DH key exchange Algorithms = curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
DmDeploy |cssh2transport.cpp |001704|DETAIL | Client side DH key exchange Algorithms = diffie-hellman-group14-sha1
DmDeploy |cssh2transport.cpp |000682|DETAIL | DH Key Exchange Algorithm Group Type = diffie-hellman-group14-sha1
DmDeploy |cssh2msgkexinit.cpp |000526|DETAIL | Created Kex Init Message
DmDeploy |cssh2msgkexinit.cpp |000527|DETAIL | diffie-hellman-group14-sha1
DmDeploy |cssh2msgkexinit.cpp |000528|DETAIL | ssh-rsa
DmDeploy |cssh2msgkexinit.cpp |000529|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000530|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000531|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000532|DETAIL | hmac-sha1
DmDeploy |cssh2msgkexinit.cpp |000533|DETAIL | hmac-sha1
DmDeploy |cssh2msgkexinit.cpp |000534|DETAIL | none
DmDeploy |cssh2msgkexinit.cpp |000535|DETAIL | none
DmDeploy |cssh2msgkexinit.cpp |000536|DETAIL |
DmDeploy |cssh2msgkexinit.cpp |000537|DETAIL |
DmDeploy |cssh2msgkexinit.cpp |000385|DETAIL | Created Kex Init Message
DmDeploy |cssh2msgkexinit.cpp |000386|DETAIL | diffie-hellman-group14-sha1
DmDeploy |cssh2msgkexinit.cpp |000387|DETAIL | ssh-rsa
DmDeploy |cssh2msgkexinit.cpp |000388|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000389|DETAIL | 3des-cbc
DmDeploy |cssh2msgkexinit.cpp |000390|DETAIL | hmac-sha1
DmDeploy |cssh2msgkexinit.cpp |000391|DETAIL | hmac-sha1
DmDeploy |cssh2msgkexinit.cpp |000392|DETAIL | none
DmDeploy |cssh2msgkexinit.cpp |000393|DETAIL | none
DmDeploy |cssh2msgkexinit.cpp |000394|DETAIL |
DmDeploy |cssh2msgkexinit.cpp |000395|DETAIL |
DmDeploy |cssh2transport.cpp |002885|DETAIL | CAPKI LibInit Mode <0>
DmDeploy |cssh2transport.cpp |000734|DETAIL | Start generating dh parameters.
DmDeploy |cssh2transport.cpp |000761|DETAIL | dh parameters length 268.
DmDeploy |cssh2transport.cpp |000791|DETAIL | Finished generating dh parameters - pubval length 256.
DmDeploy |cssh2transport.cpp |000795|DETAIL | m_pCKexDHInitMsg->GetPayloadLen() 262
DmDeploy |cssh2transport.cpp |002705|DETAIL | connection gone -1/-853/0
DmDeploy |cssh2transport.cpp |002058|DETAIL | failed calling ReceiveBytes(1)
DmDeploy |cssh2transport.cpp |000818|DETAIL | failed calling ReceiveBinaryPacket()
DmDeploy |cssh2transport.cpp |001712|DETAIL | failed calling PerformKeyExchange()
DmDeploy |cssh2transport.cpp |000420|DETAIL | failed calling ReceiveBinaryPacket()
DmDeploy |ssh2.cpp |000097|DETAIL | Failed to connect to SSH2 Server. - -1
On Linux machine following error could be seen :
in /var/log/secure
Feb 28 22:24:54 JY-RH77 sshd[3456]: Unable to negotiate with 192.168.220.198 port 54104: no matching cipher found. Their offer: 3des-cbc [preauth]
or
Feb 28 23:03:41 JY-RH77 sshd[3149]: Unable to negotiate with 192.168.220.198 port 54290: no matching MAC found. Their offer: hmac-sha1 [preauth]
or
Mar 11 11:53:42 JY-RH77 sshd[14432]: Unable to negotiate with 192.168.220.193 port 56889: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
This problem could also occurs on AIX machine. In /var/log/authlog
Error is :
Unable to connect to remote machine
Environment:
Release : 14.0 all versions
Component : Client Automation
Resolution:
On Linux machine ;
1- Edit file /etc/ssh/sshd_config and
* add 3des-cbc in the cipher list (if Ciphers parameter is set)
Example :
Ciphers aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected],[email protected],3des-cbc
* add hmac-sha1 in the MACs list (if MACs parameter is set)
Example :
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected],hmac-sha1
or hmac-md5 if deployment is made with idcmd tool
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected],hmac-sha1
or hmac-md5 if deployment is made with idcmd tool
Example :
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected],hmac-md5
* add diffie-hellman-group1-sha1 in the KexAlgorithms list (if KexAlgorithms parameter is set)
Example :
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1
2- Restart ssh server :
sudo systemctl stop sshd
sudo systemctl start sshd
On AIX Machine :
1- Edit file /etc/ssh/sshd_config (see above)
2- Restart ssh server
stopsrc -s sshd
startsrc -s sshd