Linux Asset Import Job failure - Server unexpectedly closed network connection
search cancel

Linux Asset Import Job failure - Server unexpectedly closed network connection

book

Article ID: 266268

calendar_today

Updated On:

Products

Control Compliance Suite Standards Server Control Compliance Suite Control Compliance Suite Standards Module

Issue/Introduction

We are getting the following error message "Server unexpectedly closed network connection" during the Asset Import job

 Linux OS type asset

From the verbose log file "C:\ProgramData\Symantec.CSM\Logs\CCSManager\DCInfra\BvCUWinRDCCore.log"

  17|    5010|    2F70|"blade|PuttyLibConnect|   91| 5/17/2023| 9:59:37:322|Error:0x0
  18|    5010|    2F70|"blade|       PSCP.cpp|  173| 5/17/2023| 9:59:37:494|Exception:0x80004005
  19|    5010|    2F70|"blade|       PSCP.cpp|  177| 5/17/2023| 9:59:37:494|Error:0x80004005
  1A|    5010|    2F70|"blade|PuttyLibConnect|  402| 5/17/2023| 9:59:37:494|Error:0x80004005 -- Server unexpectedly closed network connection
  1B|    5010|    2F70|"blade|RemoteShellConn|   75| 5/17/2023| 9:59:37:494|Error:0x80004005
  1C|    5010|    2F70|"blade|BvCUWinCommandW|  166| 5/17/2023| 9:59:37:494|Audit:Failed to connect : Machine(hostname); Port(22); Protocol Version(SSH 2 Only); User(useraccount); Authentication type(Password Authentication); 
  1D|    5010|    2F70|"blade|BvCUWinCommandW|  173| 5/17/2023| 9:59:37:494|Error:0x80004005 -- Server unexpectedly closed network connection
  1E|    5010|    2F70|"blade|ShellConnector.|   85| 5/17/2023| 9:59:37:494|Error:0x80072745
  1F|    5010|    2F70|"blade|BvCUWinAgentles|  187| 5/17/2023| 9:59:38: 10|Error:0x80004005
  20|    5010|    2F70|"blade|BvCUWinAgentles|  189| 5/17/2023| 9:59:38: 10|Perf. Timing: Time taken by BvCUWinAgentlessRDCConnector::InitCommandWrapper:1:688:688

Environment

Release : CCS Infra Release 12.5.2 - 12.6.1

Cause

This will happen when the SSHD server does not have any matching Ciphers, MACs, kexalgorithms, or hostkeyalgorithms.

Resolution

On the target Unix servers check the following:

Verify that the SSHD server on the target asset(s) has at least  1 matching from each of the above categories on the target Linux server.

Control Compliance Suite (CCS) 12.x Supported KEX/MACs for SSH

Run the following commands on the target server with root-level access.

 sshd -T | grep ciphers
 sshd -T | grep macs
 sshd -T | grep kexalgorithms
 sshd -T | grep hostkeyalgorithms

Also, verify in the SSHD log the reason why the connection was closed.
This file is generally located in /var/log/ on the servers, however this may vary. You can verify by checking in the syslog/rsyslog config file on the target server.

You may find entries similar to the following.

secure:May 15 17:07:23 hostname sshd[9463]: Unable to negotiate with x.x.x.x port 19794: no matching host key type found. Their offer: ssh-rsa,rsa-sha2-256,ssh-dss [preauth]
secure:May 15 17:07:24 hostname sshd[9465]: Connection closed by x.x.x.x port 19802 [preauth]
secure:May 15 17:07:24 hostname sshd[9467]: Connection closed by x.x.x.x port 19818 [preauth]
secure:May 15 17:07:24 hostname sshd[9469]: Unable to negotiate with x.x.x.x port 19834: no matching host key type found. Their offer: ssh-rsa,rsa-sha2-256,ssh-dss [preauth]
secure:May 15 17:07:24 hostname sshd[9471]: Unable to negotiate with x.x.x.x port 19842: no matching host key type found. Their offer: ssh-rsa,rsa-sha2-256,ssh-dss [preauth]

OR 

May 17 20:58:13 ip-10-119-20-239 sshd[2832]: Connection from x.x.x.x port 63375 on x.x.x.x port 22 rdomain ""
May 17 20:58:13 ip-10-119-20-239 sshd[2832]: debug1: Local version string SSH-2.0-OpenSSH_8.7
May 17 20:58:13 ip-10-119-20-239 sshd[2832]: debug1: Remote protocol version 2.0, remote software version CCS_SSHLIB:_Nov_19_2021_03:16:16
May 17 20:58:13 ip-10-119-20-239 sshd[2832]: debug1: compat_banner: no match: CCS_SSHLIB:_Nov_19_2021_03:16:16
May 17 20:58:13 ip-10-119-20-239 sshd[2832]: debug1: SELinux support enabled [preauth]
May 17 20:58:13 ip-10-119-20-239 sshd[2832]: debug1: ssh_selinux_change_context: setting context from 'system_u:system_r:sshd_t:s0-s0:c0.c1023' to 'system_u:system_r:sshd_net_t:s0-s0:c0.c1023' [preauth]
May 17 20:58:13 ip-10-119-20-239 sshd[2832]: debug1: permanently_set_uid: 74/74 [preauth]
May 17 20:58:13 ip-10-119-20-239 sshd[2832]: debug1: list_hostkey_types: ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
May 17 20:58:13 ip-10-119-20-239 sshd[2832]: debug1: SSH2_MSG_KEXINIT sent [preauth]
May 17 20:58:13 ip-10-119-20-239 sshd[2832]: debug1: SSH2_MSG_KEXINIT received [preauth]
May 17 20:58:13 ip-10-119-20-239 sshd[2832]: debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
May 17 20:58:13 ip-10-119-20-239 sshd[2832]: debug1: kex: host key algorithm: (no match) [preauth]
May 17 20:58:13 ip-10-119-20-239 sshd[2832]: Unable to negotiate with x.x.x.x port 63375: no matching host key type found. Their offer: ssh-rsa,rsa-sha2-256,ssh-dss [preauth]

 

To resolve this issue you will need to add at least one of those host keys to the target server sshd_config, then restart the sshd daemon.

ssh-dss
ssh-rsa
rsa-sha2-256

 

Additional Information

Also verify if a local firewall is running that it is allowing incoming SSH traffic.

Powered by Wolken Software