Data collection fails with "Algorithm negotiation fail" error

Article ID: 323811

Updated On: 02-13-2025

Products

VMware Smart Assurance

Issue/Introduction

When NCM is installed on RHEL server 8.5 or above, data collection from NCM SP in MnR fails with error “Algorithm negotiation fail”.

The following error is seen in the collecting logs:
WARNING -- [2023-01-16 15:25:16 IST] -- PollingTask::addLogging(): Couldn't connect to host <host id> with user root
com.watch4net.apg.collector.remoteshellcollector.exceptions.ConnectionException: Could not connect to host <host id> on port <port number> with user <user name>
at com.watch4net.apg.collector.remoteshellcollector.executors.SSHExecutor.connect(SSHExecutor.java:145)
at com.watch4net.apg.collector.remoteshellcollector.PollingTask.run(PollingTask.java:226)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:750)
Caused by: java.io.IOException: com.watch4net.apg.ssh.api.exception.SSHException: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.watch4net.apg.v2.collector.plugins.outputparsing.executing.remote.SSHSessionConnection.connect(SSHSessionConnection.java:92)
at com.watch4net.apg.collector.remoteshellcollector.executors.SSHExecutor.connect(SSHExecutor.java:140)
... 8 more
Caused by: com.watch4net.apg.ssh.api.exception.SSHException: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.watch4net.apg.ssh.jsch.JSchClient.connect(JSchClient.java:96)
at com.watch4net.apg.v2.collector.plugins.outputparsing.executing.remote.SSHSessionConnection.connect(SSHSessionConnection.java:90)
... 9 more
Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:583)
at com.jcraft.jsch.Session.connect(Session.java:320)
at com.watch4net.apg.ssh.jsch.JSchClient.connect(JSchClient.java:94)

Environment

7.x Watch4Net

Cause

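The system-wide crypto policy on RHEL 8.5 servers limits the host key algorithms, ciphers, MACs, and key exchange (KEX) algorithms used by the sshd process. As a result, the SSH client in the collector (JSch, per the stack trace) and sshd cannot agree on a common algorithm.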

Resolution

Perform the following steps on the NCM server running RHEL version 8.5:

  • In the file /etc/sysconfig/sshd, add the following entries:
“ecdh-sha2-nistp256” for the “-oKexAlgorithms” and “-oHostKeyAlgorithms” fields.
  • Restart the sshd service:
systemctl restart sshd
  • Check that sshd has started with the proper KEX algorithm and host key algorithm using the command:
ps ax | grep sshd

A sample entry in the /etc/sysconfig/sshd file is as follows:

CRYPTO_POLICY='-oCiphers=chacha20-poly1305@openssh.com,aes256-gcm@openssh.com -oMACs=hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256 -oHostKeyAlgorithms=ssh-dss,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss,ssh-rsa-cert-v01@openssh.com'
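
The check in the last step can be made exact with the script below, which is an added example and not part of the original article. The function names and the shortened sshd command line are constructed for illustration; the two algorithm names it looks for are the ones present in the sample entry above.

```shell
#!/bin/sh
# Added example: exact-match check of sshd algorithm options (not from the article).

# Constructed sample: an sshd command line shortened from the sample CRYPTO_POLICY entry.
SAMPLE_ARGS='/usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com -oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256 -oHostKeyAlgorithms=ssh-rsa,ecdsa-sha2-nistp256'

# list_algorithms OPTION TEXT
# Print one algorithm per line from "-oOPTION=a,b,c" in TEXT. The match is
# anchored at the start of the word, so KexAlgorithms does not pick up
# GSSAPIKexAlgorithms (a plain grep for "KexAlgorithms" would).
list_algorithms() {
    printf '%s\n' "$2" | tr -s ' ' '\n' | sed -n "s/^-o$1=//p" | tr ',' '\n'
}

# has_algorithm OPTION ALGORITHM TEXT
# Succeed only on a whole-name match (curve25519-sha256 must not match
# curve25519-sha256@libssh.org).
has_algorithm() {
    list_algorithms "$1" "$3" | grep -Fxq -- "$2"
}

# policy_from_file FILE
# Print the value of the last uncommented CRYPTO_POLICY= line, quotes removed.
policy_from_file() {
    sed -n 's/^[[:space:]]*CRYPTO_POLICY=//p' "$1" | tail -n 1 | tr -d "'\""
}

# check_required TEXT
# Report on the two algorithms the sample entry carries; return 1 if either is absent.
check_required() {
    rc=0
    for pair in KexAlgorithms:ecdh-sha2-nistp256 HostKeyAlgorithms:ecdsa-sha2-nistp256; do
        if has_algorithm "${pair%%:*}" "${pair#*:}" "$1"; then
            echo "OK      ${pair%%:*} offers ${pair#*:}"
        else
            echo "MISSING ${pair%%:*} lacks ${pair#*:}"; rc=1
        fi
    done
    return $rc
}

check_required "$SAMPLE_ARGS"
# On the NCM server, before the restart: check_required "$(policy_from_file /etc/sysconfig/sshd)"
# After the restart, against the running process: check_required "$(ps -o args= -C sshd)"
```

A non-zero exit status from check_required means sshd was not started with one of the expected algorithms, which usually points to the file edit not having taken effect.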