Resolving Unable to SSH to Host Error - exception.host.ssh.connection.failed (KBA7955)
KBA# 7955
Applicable Delphix Versions
| Major Release | All Sub Releases |
| --- | --- |
| 5.3 | 5.3.0.0, 5.3.0.1, 5.3.0.2, 5.3.0.3, 5.3.1.0, 5.3.1.1, 5.3.1.2, 5.3.2.0, 5.3.3.0, 5.3.3.1, 5.3.4.0, 5.3.5.0, 5.3.6.0, 5.3.7.0, 5.3.7.1, 5.3.8.0, 5.3.8.1, 5.3.9.0 |
| 5.2 | 5.2.2.0, 5.2.2.1, 5.2.3.0, 5.2.4.0, 5.2.5.0, 5.2.5.1, 5.2.6.0, 5.2.6.1 |
Issue
When trying to add a new environment or refresh an existing environment, the action fails with an error like the following:
Error: Unable to SSH to host "snoopy.acme.com".
Error Code: exception.host.ssh.connection.failed
Suggested Action: Make sure "snoopy.acme.com" is running and is reachable via SSH from the Delphix Engine.
Diagnosing Information: Reached a server listening on port 22 on host "snoopy.acme.com" from the Delphix Engine.
This error generally occurs on Delphix versions prior to 6.x when adding a new environment or refreshing an existing one, because the Linux host does not allow SHA1 (Secure Hash Algorithm 1). Recent versions of Linux have deprecated SHA1 and removed support for it from the "sshd_config" file.
Troubleshooting Unable to SSH to Host Due to "Cannot negotiate, proposals do not match" Error
On some versions of Linux, it may be possible to review the /etc/ssh/sshd_config file to see which algorithms are supported. On others, you may need to run the following command as the root user to get a listing of the supported ciphers, key exchanges, and MACs:
# sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)"
gssapikexalgorithms gss-gex-sha1-,gss-group14-sha1-
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
Resolution
To resolve the issue there are two options:
- Upgrade to Delphix 6.x which fully supports SHA2.
- Add back support for SHA1 until it is possible to upgrade the Delphix Engine to 6.x by updating the sshd_config of the target host with:
  - Any of the following Key Exchanges:
    - diffie-hellman-group1-sha1
    - diffie-hellman-group-exchange-sha1
  - Any of the following ciphers:
    - 3des-cbc
    - aes128-cbc
  - Any of the following MACs:
    - hmac-sha1
    - hmac-md5
After updating the sshd_config with the above, it is necessary to restart the sshd daemon.
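To confirm the change after the restart, the following added example (not part of the original article and not Delphix code) parses `sshd -T` output and reports, per category, whether at least one of the algorithms listed in the Resolution section is offered. The function names and the abridged sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Delphix code. Legacy algorithm names are the ones listed
# in this article's Resolution section.
LEGACY_KEX="diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1"
LEGACY_CIPHERS="3des-cbc aes128-cbc"
LEGACY_MACS="hmac-sha1 hmac-md5"

# legacy_overlap CONFIG KEYWORD "NAMES": print the NAMES that appear in the
# KEYWORD line of `sshd -T` output. The keyword is matched exactly, so
# "gssapikexalgorithms" is not mistaken for "kexalgorithms", and each name is
# matched as a whole entry, so "hmac-sha1-etm@openssh.com" is not "hmac-sha1".
legacy_overlap() {
    offered=$(printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2 }' | tr ',' '\n')
    hits=""
    for alg in $3; do
        if printf '%s\n' "$offered" | grep -Fxq -- "$alg"; then
            hits="${hits:+$hits }$alg"
        fi
    done
    printf '%s\n' "$hits"
}

# report CONFIG: one line per category; returns 1 if any category offers none
# of the listed algorithms.
report() {
    status=0
    for pair in "kexalgorithms:$LEGACY_KEX" "ciphers:$LEGACY_CIPHERS" "macs:$LEGACY_MACS"; do
        key=${pair%%:*}
        want=${pair#*:}
        got=$(legacy_overlap "$1" "$key" "$want")
        if [ -n "$got" ]; then
            echo "$key: offers $got"
        else
            echo "$key: offers none of: $want"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample, abridged from the sshd -T output shown in this article.
SAMPLE='gssapikexalgorithms gss-gex-sha1-,gss-group14-sha1-
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,aes128-gcm@openssh.com
macs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha1
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1'

# On a real host, as root: report "$(sshd -T)"
report "$SAMPLE" || echo "at least one category still lacks a listed algorithm"
```

Because every algorithm re-enabled this way is one that recent Linux releases dropped from their defaults, the same report can be re-run after the engine is upgraded to 6.x to confirm the entries have been removed again.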