Network Management

 View Only
  • 1.  Telnet/SSH proxy issue

    Posted Nov 14, 2016 03:21 PM

    I have this one piece of equipment(5406zl) where I can no longer connect to it via the Telnet/SSH proxy page.

    I get back an Algorithm Negotiation Failure message, which I traced back to com.jcraft.jsch (https://sourceforge.net/projects/jsch/).

    The log file message:

    2016-11-14 13:17:30 [ERROR] [http-nio-443-exec-4] [com.imc.res.terminal.func.ResTerminalSSHSession::open]
    com.jcraft.jsch.JSchException: Algorithm negotiation fail
    at com.jcraft.jsch.Session.receive_kexinit(Session.java:590)
    at com.jcraft.jsch.Session.connect(Session.java:320)
    at com.jcraft.jsch.Session.connect(Session.java:183)

    ....

    I tried: importing the JCE files from oracle, deleting and re-adding the device, and updating to a new version of the jsch JAR.

    I'm also having issues pushing ACL's to this device, and I suspect I'd encounter issues doing VLAN work too.

    My current working theory is that somehow the RSA ssh key on the device got goofed up, and is throwing errors in IMC because it's expecting a certain key during connection initiation. I know the device still works because I can SSH to it from my machine and the IMC server.

    Has anyone encountered anything like this before?

     



  • 2.  RE: Telnet/SSH proxy issue

    Posted Nov 15, 2016 09:50 AM

    Well I recreated my ssh key to no avail.

    I've also tried limiting the ciphers I have turned on to AES256-CTR with HMAC-SHA1, thinking maybe it was offering an old, unrecognized cipher up for some reason.

     

    Actually, I just found a glimmer of hope...

    I 11/15/16 08:41:51 03345 ssh: User :Login failed for SSH session from

                143.236.34.115 due to cipher mismatch.

    Perhaps I'll try playing around with my ciphers a little more.



  • 3.  RE: Telnet/SSH proxy issue

    Posted Nov 15, 2016 10:54 AM

    Still no dice; turns out the JSCH isn't compatible with AES256-CTR, which is what caused those mismatch messages.

    I even tried reverting to an old config file, just to try it, and still no luck at all.

    I'm almost beginning to think there's something wrong with the device itself, because I can't deploy ACL's via telnet either...

     



  • 4.  RE: Telnet/SSH proxy issue

    Posted Nov 17, 2016 12:25 PM

    I turned on debugging for jserver and found differenes between a working SSH device and my problem one

    Working:

    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Connection established
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Remote version string: SSH-2.0-Mocana SSH 5.8
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Local version string: SSH-2.0-JSCH-0.1.44
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_KEXINIT sent
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_KEXINIT received
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server->client aes128-ctr hmac-md5 none
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client->server aes128-ctr hmac-md5 none
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_KEXDH_INIT sent
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is expecting SSH_MSG_KEXDH_REPLY
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is ssh_rsa_verify: signature true
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [WARN: ] message is Permanently added ' (RSA) to the list of known hosts.
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_NEWKEYS sent
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_NEWKEYS received
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_SERVICE_REQUEST sent
    2016-11-17 11:06:08 [DEBUG] [http-nio-443-exec-21] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_SERVICE_ACCEPT received

    Not Working

    2016-11-17 11:05:47 [DEBUG] [http-nio-443-exec-1] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Connection established
    2016-11-17 11:05:47 [DEBUG] [http-nio-443-exec-1] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Remote version string: SSH-2.0-Mocana SSH 5.8
    2016-11-17 11:05:47 [DEBUG] [http-nio-443-exec-1] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Local version string: SSH-2.0-JSCH-0.1.44
    2016-11-17 11:05:47 [DEBUG] [http-nio-443-exec-1] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
    2016-11-17 11:05:47 [DEBUG] [http-nio-443-exec-1] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_KEXINIT sent
    2016-11-17 11:05:47 [DEBUG] [http-nio-443-exec-1] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_KEXINIT received
    2016-11-17 11:05:47 [DEBUG] [http-nio-443-exec-1] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Disconnecting from

    Not sure what to make of it at this point...



  • 5.  RE: Telnet/SSH proxy issue

    Posted Nov 17, 2016 04:00 PM

    The fix I discovered for this, after hours of searching, was to add an additional security provider to the java.security file

    http://www.svrnm.de/blog/fixed-netbeans-phpstorm-algorithm-negotiation-fail/

    … downloading bcprov-ext-jdk15on-151.jar (or the latest version) from http://www.bouncycastle.org/latest_releases.html to \jre\jre\lib\ext. Then edit \jre\jre\lib\security\java.security and add security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider to the top of the list and change the numbers in the subsequent lines.

    The debugging that I did was bumping up the Jserver logging to Debug, and attempted the SSH connection, and looked at the imcforground.log file

    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalMgrImpl::getSession] Get session from map ,session id
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Connecting to port 22
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Connection established
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Remote version string: SSH-2.0-Mocana SSH 5.8
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Local version string: SSH-2.0-JSCH-0.1.54
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is diffie-hellman-group14-sha1 is not available.
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_KEXINIT sent
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_KEXINIT received
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: diffie-hellman-group14-sha1
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: ssh-rsa
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: hmac-sha1-96,hmac-md5,hmac-sha1,hmac-md5-96
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: hmac-sha1-96,hmac-md5,hmac-sha1,hmac-md5-96
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: none
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: none
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server:
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server:
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: none
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: none
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client:
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client:
    2016-11-17 14:27:44 [DEBUG] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Disconnecting from port 22
    2016-11-17 14:27:44 [ERROR] [http-nio-443-exec-2] [com.imc.res.terminal.func.ResTerminalSSHSession::open]
    com.jcraft.jsch.JSchException: Algorithm negotiation fail



    After I added in the bouncecastle security provider, I was able to ssh in using the proxy.

    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalMgrImpl::debugSession] ResTeminalMgr has session number is :0
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalMgrImpl::debugSession] ResTeminalMgr has ssh thread number is :0
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalMgrImpl::getSession] get session connect type is 2 server ip is .
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Connecting to port 22
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Connection established
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Remote version string: SSH-2.0-Mocana SSH 5.8
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Local version string: SSH-2.0-JSCH-0.1.54
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_KEXINIT sent
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_KEXINIT received
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: diffie-hellman-group14-sha1
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: ssh-rsa
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: hmac-sha1-96,hmac-md5,hmac-sha1,hmac-md5-96
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: hmac-sha1-96,hmac-md5,hmac-sha1,hmac-md5-96
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: none
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server: none
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server:
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server:
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: none
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client: none
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client:
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client:
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: server->client aes128-ctr hmac-md5 none
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is kex: client->server aes128-ctr hmac-md5 none
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_KEXDH_INIT sent
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is expecting SSH_MSG_KEXDH_REPLY
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is ssh_rsa_verify: signature true
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [WARN: ] message is Permanently added '' (RSA) to the list of known hosts.
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_NEWKEYS sent
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_NEWKEYS received
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_SERVICE_REQUEST sent
    2016-11-17 14:42:54 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is SSH_MSG_SERVICE_ACCEPT received
    2016-11-17 14:42:55 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Authentications that can continue: password
    2016-11-17 14:42:55 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Next authentication method: password
    2016-11-17 14:42:55 [DEBUG] [http-nio-443-exec-16] [com.imc.res.terminal.func.ResTerminalSSHSession$SSHLogger::log] SSH Log [INFO: ] message is Authentication succeeded



  • 6.  RE: Telnet/SSH proxy issue

    Posted Jul 21, 2017 02:33 AM

    I had this same issue with HPE Arube 2920 and 2530 switches with the latest software installed. SSH connections to switches worked fine, but SSH proxy didn't connect with the same logarithm failed error.

    Have to add last step to your good instructions: restart all IMC prosesses.

    How can this issue still exist?!