Seem to remember having a similar issue but it wasn't just Solarwinds that could not access. I believe that we resolved by stopping and restarting the ssh service. enabling telnet temporarily would allow this to be done remotely. Worth checking that the crypto key generation has been done and checking that the routing is available via VRF as the management interface uses a VRF to separate the traffic.
I've regen'd the crypto key. What's odd is that I can SSH to it from windows, linux and MAC. Just not from Solarwinds. Even stranger is that if I use the ssh function in the device summary I can SSH to it from there as well. It seems that whatever function its using to SSH for NCM just isn't working.
1 of 1 people found this helpful
How is your connection profile configured? So when you press the Test button, I'm assuming it's failing for you. Once it fails, click on Show credential login details. It will show you what it was trying to do.
It sounds like you just need to tweak the connection profile.
Device Template: Cisco IOS-22.214.171.124.4.1.9
Also tried SSH Auto, SSH v1, SSHv2. Same results. Test Failed. Connection Refused. Though non 3850 switches down stream of this device on the same management subnet work just fine. So far I have this issue with all three locations that I have a 3850 acting as a building router.
Jan 4 14:34:10.577: SSH3: starting SSH control process
Jan 4 14:34:10.577: SSH3: sent protocol version id SSH-2.0-Cisco-1.25
Jan 4 14:34:10.578: SSH3: protocol version id is - SSH-2.0-WeOnlyDo 126.96.36.199
Jan 4 14:34:10.579: SSH2 3: kexinit sent: kex algo = diffie-hellman-group14-sha1
Jan 4 14:34:10.579: SSH2 3: Server certificate trustpoint not found. Skipping hostkey algo = x509v3-ssh-rsa
Jan 4 14:34:10.579: SSH2 3: kexinit sent: hostkey algo = ssh-rsa
Jan 4 14:34:10.579: SSH2 3: kexinit sent: encryption algo = aes128-ctr,aes192-ctr,aes256-ctr
Jan 4 14:34:10.579: SSH2 3: kexinit sent: mac algo = hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
Jan 4 14:34:10.579: SSH2 3: SSH2_MSG_KEXINIT sent
Jan 4 14:34:10.581: SSH2 3: SSH2_MSG_KEXINIT received
Jan 4 14:34:10.581: SSH2 3: kex: client->server enc:aes128-ctr mac:hmac-sha2-256
Jan 4 14:34:10.581: SSH2 3: kex: server->client enc:aes128-ctr mac:hmac-sha2-256
Jan 4 14:34:10.581: SSH2 3: Using hostkey algo = ssh-rsa
Jan 4 14:34:10.582: SSH2 3: Using kex_algo = diffie-hellman-group14-sha1
Jan 4 14:34:10.647: SSH2 3: expecting SSH2_MSG_KEXDH_INIT
Jan 4 14:34:10.647: SSH2 3: SSH2_MSG_KEXDH_INIT received
Jan 4 14:34:10.739: SSH2: kex_derive_keys complete
Jan 4 14:34:10.739: SSH2 3: SSH2_MSG_NEWKEYS sent
Jan 4 14:34:10.739: SSH2 3: waiting for SSH2_MSG_NEWKEYS
Jan 4 14:34:10.749: SSH2 3: SSH2_MSG_NEWKEYS received
Jan 4 14:34:10.750: SSH2 3: Authentications that can continue = publickey,keyboard-interactive,password
Jan 4 14:34:10.751: SSH2 3: Using method = none
Jan 4 14:34:10.751: SSH2 3: Authentications that can continue = publickey,keyboard-interactive,password
Jan 4 14:34:10.753: SSH2 3: Using method = password
Jan 4 14:34:10.855: SSH3: Session disconnected - error 0x00
Can you SSH to these devices from the Solarwinds server but using something like Putty?
Yes, if I RDP to the server I can use Putty from there to SSH to the device. It's very odd why it can't SSH via NCM.
Post up a screen shot on how you have the NCM profile configured.
It might be the type of ssh being used. I've found some times you need to set to use ssh V1 or SSH V2 only in order to get the desired effect. Auto will try both but I'm not sure of the order so I'd try V2 only first.