CCA-ND-8062 : Failed to create SSH Session. Error code = [-5] during Network Scan


Article ID: 416575


Products

CA Configuration Automation

Issue/Introduction

A Network Scan Profile is created with SSH mode = SSH with KeyFile and Credentials, using an SSH public and private key pair.

A network discovery using this Network Scan Profile fails with the error:

CCA-ND-8062 : Failed to create SSH Session. Error code = [-5] and Error message =[]

On the target Linux machine, the command journalctl -t sshd shows the following message:

“... Unable to negotiate with <ipaddress> port <port_number>: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 ...”

Environment

Configuration Automation 12.9.0.126 and earlier versions

Cause

"CA Network Discovery Gateway" and "CA Network Discovery Server" use an old version of libssh.dll (located in C:\Program Files (x86)\CA\SharedComponents\NDG\bin). The version is 1.4.3, which does not support more secure key exchange (KEX) algorithms such as diffie-hellman-group-exchange-sha256.

It offers diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1. If these algorithms have been removed from the SSH server on the Linux machine for security reasons, this error occurs.
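The mismatch described above can be confirmed from the target's sshd journal. The following Python code is an added example, not part of the original article or of the product: it parses the message quoted in this article, groups failures by client, and checks each client's offer against the server's KEX list. The log lines, the 192.0.2.x addresses and the SERVER_KEX list are constructed sample values.

```python
import re

# sshd's KEX negotiation failure message, as quoted in this article.
NO_KEX = re.compile(
    r"Unable to negotiate with (?P<ip>\S+) port (?P<port>\d+): "
    r"no matching key exchange method found\. Their offer: (?P<offer>\S+)"
)

# Constructed sample input (documentation addresses, made-up timestamps and PIDs).
SAMPLE_JOURNAL = [
    "Jan 10 09:14:02 host1 sshd[2211]: Unable to negotiate with 192.0.2.10 port 50122: "
    "no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,"
    "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]",
    "Jan 10 09:14:30 host1 sshd[2215]: Accepted publickey for admin from 192.0.2.20 "
    "port 40022 ssh2",
    "Jan 10 09:15:02 host1 sshd[2230]: Unable to negotiate with 192.0.2.10 port 50140: "
    "no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,"
    "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]",
    # Different failure (host key type, not KEX): must not be counted.
    "Jan 10 09:16:11 host1 sshd[2240]: Unable to negotiate with 192.0.2.30 port 41000: "
    "no matching host key type found. Their offer: ssh-dss [preauth]",
]
# Assumed server KEX list; on a real host take it from the sshd configuration.
SERVER_KEX = ["curve25519-sha256", "diffie-hellman-group-exchange-sha256"]


def failed_kex_clients(journal_lines, server_kex):
    """Return {client_ip: {count, offer, sha1_only, common}} for KEX failures."""
    server = set(server_kex)
    report = {}
    for line in journal_lines:
        m = NO_KEX.search(line)
        if not m:
            continue
        offer = [alg for alg in m.group("offer").split(",") if alg]
        entry = report.setdefault(m.group("ip"), {"count": 0})
        entry["count"] += 1
        entry["offer"] = offer
        # True when every offered algorithm is SHA-1 based (the libssh 1.4.3 case).
        entry["sha1_only"] = all(alg.endswith("-sha1") for alg in offer)
        # Empty list means client and server share no KEX algorithm.
        entry["common"] = [alg for alg in offer if alg in server]
    return report


if __name__ == "__main__":
    for ip, info in failed_kex_clients(SAMPLE_JOURNAL, SERVER_KEX).items():
        print(ip, info["count"], "failures; SHA-1 only:", info["sha1_only"],
              "; shared KEX:", info["common"] or "none")
```

On the target, the journal lines come from `journalctl -t sshd` and the server's list from the `kexalgorithms` line of `sshd -T`.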

Resolution

A more recent version of libssh.dll will be included in the next release of Configuration Automation.
This new version will support more secure SSH algorithms such as diffie-hellman-group-exchange-sha256.

Additional Information

private_key.ppk and public_key.ppk are generic names for SSH keys and are not customer sensitive data.