Symptoms:
This issue will be fixed in a future product release.
Workaround:
The following workaround is to be applied on every NSX appliance:
1. SSH to the appliance as "root".
2. Create a copy of the sshd_config file:
3. In the section "# Cipher and MAC algorithms", use the vi or vim editor to edit the content as shown below:
grep "Cipher and MAC" -A3 /etc/ssh/sshd_config-bak
# Cipher and MAC algorithms
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
MACs [email protected],[email protected],hmac-sha2-256,hmac-sha2-512
KexAlgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-ssha512,diffie-hellman-group14-sha256
grep "Cipher and MAC" -A3 /etc/ssh/sshd_config
# Cipher and MAC algorithms
Ciphers [email protected],[email protected]
MACs [email protected],[email protected]
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
hostkeyalgorithms [email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
If the appliance OS is Ubuntu 20 or greater, add the line below (the hostkeyalgorithms option) at the end of the sshd_config file:
hostkeyalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]
hostkey /etc/ssh/ssh_host_ecdsa_key
hostkey /etc/ssh/ssh_host_ed25519_key
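
A way to check the result of the edit above, as an added example that is not part of the original article: it lists which algorithms the edit removed and whether anything outside an allowlist remains. The function names and the two sample files are assumptions constructed for the example; the sample KexAlgorithms lists are shortened versions of the ones shown above.

```shell
#!/bin/sh
# Added example (not from the article): audit algorithm directives in sshd_config.

# Print one algorithm per line for <keyword> in <file>.
# sshd keywords are case-insensitive; for these list keywords the first
# occurrence in the file is the one sshd uses.
sshd_algos() {
  awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1" |
    tr ',' '\n' | sed '/^$/d'
}

# Print algorithms configured for <keyword> in <file> that are not in the
# comma-separated <allowed> list. No output means the directive is compliant.
unexpected_algos() {
  sshd_algos "$1" "$2" | awk -v allowed="$3" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($0 in ok)'
}

# Print algorithms that <backup> offered for <keyword> but <edited> no longer does.
removed_algos() {
  unexpected_algos "$1" "$3" "$(sshd_algos "$2" "$3" | paste -sd, -)"
}

# Count lines that set <keyword>; a count above 1 means a later line
# (for example one appended at the end of the file) has no effect.
directive_count() {
  awk -v key="$2" 'tolower($1) == tolower(key) { n++ } END { print n + 0 }' "$1"
}

# Constructed sample files (shortened lists, not the appliance's real files).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# Cipher and MAC algorithms' \
  'KexAlgorithms curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256' \
  > "$SAMPLE_DIR/sshd_config-bak"
printf '%s\n' '# Cipher and MAC algorithms' \
  'KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521' \
  > "$SAMPLE_DIR/sshd_config"

KEX_ALLOWED='ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521'
echo "Removed by the edit:"
removed_algos "$SAMPLE_DIR/sshd_config-bak" "$SAMPLE_DIR/sshd_config" KexAlgorithms
echo "Outside the allowlist after the edit:"
unexpected_algos "$SAMPLE_DIR/sshd_config" KexAlgorithms "$KEX_ALLOWED"
```

On an appliance, pass /etc/ssh/sshd_config-bak and /etc/ssh/sshd_config instead of the sample files; `sshd -t` checks the edited file for syntax errors.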