Solarwinds SSH to OpenGear ACM7008 device error

Hi All

I am trying to setup config backups for our OpenGear ACM7008 but SSH is failing with the error "Could not negotiate key exchange algorithm" screenshot attached. Then on the OpenGear syslog I get the error "Unable to negotiate with <ip address> port 59619: no matching host key type found. Their offer: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss [preauth]". We are running Hybrid Cloud Observability Advanced version 2023.4.2. I tried recommended updates to the OpenGear SSH config file, added HostKeyAlgorithms =+ssh-rsa. Still get same error.

Any help would be much appriciaed.

Thanks

Ed

  • We don't have any OpenGear kit here to verify but it sounds like the key exchange algorithm is too new on the OG side.  We have similar issues on the newer firmware for HPE kit and the newer FortiOS. 

    For the HPE we have to downgrade the key exchange to one that SolarWinds can do and with FortiOS that isn't a possibility so we are waiting on SolarWinds to update their end. I currently have a query in via our 'senior customer success manager' but so far I've had no update other than "we will coordinate internally and get back to you".

    Bottom line.. if you can downgrade your key-exchange to one of these: diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ext-info-c - then it should work.

    Looking at this page: https://opengear.zendesk.com/hc/en-us/articles/216373023-What-cryptographic-network-services-protocols-ciphers-hashes-are-supported- suggests the following should work (depending on your OS version): iffie-hellman-group-exchange-sha256 or iffie-hellman-group-exchange-sha1 or diffie-hellman-group1-sha1 ordiffie-hellman-group14-sha1.

    HTH

  • Trying to setup NCM with v10.5.26.64 on Opengear CM7116 v4.13.6 over SSHv2 and getting the below error. Tried the following key exchange algorithms and no luck. Any thoughts?

    Model: Opengear CM7116-2-D​AC, Linux 3.10.0-uc0 armv7l, OpenGear/C​M71xx Version 4.13.6 bcdfa9f9 -- Tue Sep 26 17:09:47 UTC 2023

    Exchange Algorithms:
    diffie-hellman-group14-sha256
    diffie-hellman-group-exchange-sha256
    diffie-hellman-group-exchange-sha1
    diffie-hellman-group1-sha1
    diffie-hellman-group14-sha1
    ecdh-sha2-nistp256
    ecdh-sha2-nistp384
     
    TEST RESULTS:
    Error: Could not negotiate key exchange algorithm
    Test Id: 5cac846e-35af-4d87-999d-e355d0c3b85f
    Engine Id: 2
    Engine name: ********
    Engine IP: ********
    Remote host:********

    TEST LOG:
    4/3/2024 8:14:40 PM: Setting WeOnlyDo properties
    4/3/2024 8:14:40 PM: Starting connection procedure
    4/3/2024 8:14:40 PM: State change detected: Disconnected -> Connecting
    4/3/2024 8:14:40 PM: State change detected: Connecting -> Disconnected
    4/3/2024 8:14:40 PM: Test connection procedure finished. Time elapsed: 00:00:00.0888828
    4/3/2024 8:14:40 PM: Could not negotiate key exchange algorithm

    TEST PROPERTIES:
    authentication : Password
    encryptionList : aes128-ctr,aes128-cbc,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc,chacha20-poly1305@openssh.com,rijndael-cbc@lysator.liu.se
    encryptionMethod : enc3DES
    exitSignal : Not Set
    fingerPrintType : MD5
    fips : False
    forwardHost : Not Set
    forwardPort : 0
    hMacList : hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,none
    hostname : ********
    keepAlives : 0
    keyExchangeList : diffie-hellman-group1-sha1
    keyForwarding : False
    keySignatureList : rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
    password : ********
    port : 22
    protocol : Ssh2
    proxyHostname : Not Set
    proxyLogin : Not Set
    proxyPort : 1080
    proxyType : ProxyNone
    showStdErrorMessages : True
    stripAnsi : False
    terminalType : vt100
    timeout : 20
    username : ********