VMware SmartAssurance MnR - NCM SP data collection fails with error "Algorithm negotiation fail"

Article ID: 323811

Products

VMware

Issue/Introduction

Symptoms:

When NCM is installed on RHEL server 8.5 or above, data collection from the NCM SP in MnR fails with the error “Algorithm negotiation fail”.

The following error is seen in the collecting logs:

WARNING -- [2023-01-16 15:25:16 IST] -- PollingTask::addLogging(): Couldn't connect to host 10.102.85.47 with user root
com.watch4net.apg.collector.remoteshellcollector.exceptions.ConnectionException: Could not connect to host 10.102.85.47 on port 22 with user root
at com.watch4net.apg.collector.remoteshellcollector.executors.SSHExecutor.connect(SSHExecutor.java:145)
at com.watch4net.apg.collector.remoteshellcollector.PollingTask.run(PollingTask.java:226)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:750)
Caused by: java.io.IOException: com.watch4net.apg.ssh.api.exception.SSHException: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.watch4net.apg.v2.collector.plugins.outputparsing.executing.remote.SSHSessionConnection.connect(SSHSessionConnection.java:92)
at com.watch4net.apg.collector.remoteshellcollector.executors.SSHExecutor.connect(SSHExecutor.java:140)
... 8 more
Caused by: com.watch4net.apg.ssh.api.exception.SSHException: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.watch4net.apg.ssh.jsch.JSchClient.connect(JSchClient.java:96)
at com.watch4net.apg.v2.collector.plugins.outputparsing.executing.remote.SSHSessionConnection.connect(SSHSessionConnection.java:90)
... 9 more
Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:583)
at com.jcraft.jsch.Session.connect(Session.java:320)
at com.watch4net.apg.ssh.jsch.JSchClient.connect(JSchClient.java:94)


Environment

VMware Smart Assurance - Watch4Net/M&R

Cause

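The system-wide crypto policy on RHEL 8.5 servers limits the host key algorithms, ciphers, MACs and key exchange (kex) algorithms used by the sshd process. As a result, the SSH client used by the MnR collector (JSch, per the stack trace above) and sshd have no algorithm in common, and the negotiation fails.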

Resolution

Perform the steps below on the NCM server running RHEL version 8.5:

  • In the file /etc/sysconfig/sshd, add the following entry:
“ecdh-sha2-nistp256” for the “-oKexAlgorithms” and “-oHostKeyAlgorithms” fields.
  • Restart the sshd service:
systemctl restart sshd
  • Check that sshd has started with the proper kex algorithm and host key algorithm using the command:
ps ax | grep sshd

A sample entry in the /etc/sysconfig/sshd file is as follows:

CRYPTO_POLICY='[email protected],[email protected] [email protected],[email protected],hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1- -oKexAlgorithms=curve25519-sha256,[email protected],ecdh-sha2-nistp256 -oHostKeyAlgorithms=ssh-dss,ssh-rsa,[email protected],ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss,[email protected]'
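
The check in the last step can be scripted. The following is an added example, not part of the original article or of any VMware tooling: it parses a CRYPTO_POLICY value and confirms the names the sample entry lists (ecdh-sha2-nistp256 under -oKexAlgorithms, ecdsa-sha2-nistp256 under -oHostKeyAlgorithms), then reports MD5-based MACs and DSA keys that the override re-enables. The function names, the shortened sample policy and the choice of which algorithms to report as legacy are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the algorithm lists in a CRYPTO_POLICY value.
# Constructed, shortened sample; not the article's full entry.
SAMPLE_POLICY='-oCiphers=aes256-ctr,aes128-ctr -oMACs=hmac-sha2-256,hmac-sha1,hmac-md5 -oKexAlgorithms=curve25519-sha256,ecdh-sha2-nistp256 -oHostKeyAlgorithms=ssh-dss,ssh-rsa,ecdsa-sha2-nistp256'

# opt_value POLICY OPTION: print the comma-separated list given to -oOPTION=
# The body runs in a subshell ( ... ) so set -f and variables stay local.
opt_value() (
    set -f                      # no glob expansion while word-splitting
    for word in $1; do
        case "$word" in
            "-o$2="*) printf '%s\n' "${word#*=}"; exit 0 ;;
        esac
    done
    exit 1                      # option not present in the policy
)

# has_alg POLICY OPTION ALG: succeed only if ALG is an exact list member
has_alg() (
    list=$(opt_value "$1" "$2") || exit 1
    case ",$list," in
        *",$3,"*) exit 0 ;;
    esac
    exit 1
)

# legacy_algs POLICY: print OPTION:ALG for MD5-based MACs and DSA keys.
# Which algorithms count as legacy here is this example's assumption.
legacy_algs() (
    found=""
    for opt in MACs HostKeyAlgorithms PubkeyAcceptedKeyTypes; do
        for alg in hmac-md5 hmac-md5-96 ssh-dss; do
            has_alg "$1" "$opt" "$alg" && found="$found $opt:$alg"
        done
    done
    printf '%s\n' "${found# }"
)

# Report on the sample; on a host, pass the CRYPTO_POLICY value instead.
for pair in KexAlgorithms:ecdh-sha2-nistp256 HostKeyAlgorithms:ecdsa-sha2-nistp256; do
    if has_alg "$SAMPLE_POLICY" "${pair%%:*}" "${pair#*:}"; then
        echo "ok: ${pair#*:} in -o${pair%%:*}"
    else
        echo "MISSING: ${pair#*:} in -o${pair%%:*}"
    fi
done
echo "legacy algorithms enabled: $(legacy_algs "$SAMPLE_POLICY")"
```

The functions split on whitespace, so the sshd command line printed by ps ax can be passed in place of the CRYPTO_POLICY value.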