
Re: NonStop sftp SSH: cause to disconnect: failed to negotiate host key algorithm

 
SOLVED
Kee_aus
Advisor

NonStop sftp SSH: cause to disconnect: failed to negotiate host key algorithm

Trying to SFTP 

> sftp -S $ss02p acoe_ATMConnex_ftp@10.44.128.94
SFTP client version T9999L02_30JUN2021_comForte_SFTP_10_14_0
Connecting to 10.44.128.94 via SSH2 process $ss02p ...
Error on ssh session: SSH: cause to disconnect: failed to negotiate host key algorithm

I am told it might be that the receiving server (a Red Hat) is using SHA2 hashing instead of SHA1. Firstly, how do I check from my existing SSH2 process, and secondly, how do I configure an SSH2 with SHA2 hashing?

 

samotomas
Member

Re: NonStop sftp SSH: cause to disconnect: failed to negotiate host key algorithm

Ideally you'll want to use an SSH client (such as PuTTY if on Windows); this will give you better ability to control hashing algorithms during connection.

 

The logs you pasted indicate you're attempting an SFTP connection which is failing to negotiate during connection. Recommend troubleshooting via SSH initially to get compatible ciphers, then attempt the SFTP connection.

 

Kee_aus
Advisor

Re: NonStop sftp SSH: cause to disconnect: failed to negotiate host key algorithm

How does one troubleshoot using SSH from the NonStop? Doing it via PuTTY is not an option. The source and target are whitelisted on the firewall; if I try to do it via PuTTY from my laptop it will get rejected.

samotomas
Member

Re: NonStop sftp SSH: cause to disconnect: failed to negotiate host key algorithm

This is the NonStop SSH reference/documentation: HPE NonStop SSH Reference Manual

 

Hopefully that can assist you in changing the Hashing and Ciphers 

 

Kee_aus
Advisor

Re: NonStop sftp SSH: cause to disconnect: failed to negotiate host key algorithm

Thanks, that was useful, especially SSHCOM. I could peruse the SSH process and it lists:
[def ] CLIENTALLOWEDAUTHENTICATIONS <none,gssapi-with-mic,publickey,password,keyboard-interactive>
[def ] CLIENTALLOWEDKEXALGORITHMS <diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256>
[def ] CLIENTALLOWEDSUBSYSTEMS <tacl,sftp,ci>
[def ] CLIENTCIPHERS <aes256-gcm,aes128-gcm,aes256-ctr,aes128-ctr>
[def ] CLIENTMACS <hmac-sha2-256,hmac-sha2-512>

But I am not sure if the SSH2 does this automatically, i.e. if the target is SHA1 or SHA2, does it auto-detect?

samotomas
Member

Re: NonStop sftp SSH: cause to disconnect: failed to negotiate host key algorithm

The target will negotiate to an agreed hashing, but based on the CLIENTALLOWED key exchange algos below...


[def ] CLIENTALLOWEDAUTHENTICATIONS <none,gssapi-with-mic,publickey,password,keyboard-interactive>
[def ] CLIENTALLOWEDKEXALGORITHMS <diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256>
[def ] CLIENTALLOWEDSUBSYSTEMS <tacl,sftp,ci>
[def ] CLIENTCIPHERS <aes256-gcm,aes128-gcm,aes256-ctr,aes128-ctr>
[def ] CLIENTMACS <hmac-sha2-256,hmac-sha2-512>

it will try and use the diffie-hellman-group14-SHA1 before attempting SHA2... If you update this line,


[def ] CLIENTALLOWEDKEXALGORITHMS <diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256>
TO
[def ] CLIENTALLOWEDKEXALGORITHMS <diffie-hellman-group-exchange-sha256>

and connect, does it work?

Kee_aus
Advisor

Re: NonStop sftp SSH: cause to disconnect: failed to negotiate host key algorithm

@samotomas Unfortunately not.
9> sftp -S $ss02c -o KEXALGORITHMS=diffie-hellman-group-exchange-sha256 -o MACS=hmac-sha2-256 vnl00008253.privatecloud.test.au.internal.cba
SFTP client version T9999L02_23JAN2023_comForte_SFTP_10_15_1
Connecting to vnl00008253.privatecloud.test.au.internal.cba via SSH2 process $ss02c ...
Error on ssh session: SSH: cause to disconnect: failed to negotiate host key algorithm
STOPPED: $Y8HB
CPU time: 0:00:00.006
3: Premature process termination with fatal errors or diagnostics
Termination Info: 255

10> SSH -S $ss02c -o KEXALGORITHMS=diffie-hellman-group-exchange-sha256 -o MACS=hmac-sha2-256 vnl00008253.privatecloud.test.au.internal.cba
SSH client version T9999L02_23JAN2023_comForte_SSH_10_15_1
"Error on ssh session: SSH: cause to disconnect: failed to negotiate host key algorithm"
STOPPED: $Y8HC
CPU time: 0:00:00.005
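
Added example (not part of any post in this thread, and not comForte or HPE code): a simplified model of SSH algorithm negotiation per RFC 4253 section 7.1, where key exchange, host key, cipher and MAC are each matched from their own list, so the category named in the disconnect message is the one to inspect. The client's kex, cipher and MAC lists are the SSHCOM values quoted above; the client host key list and the whole server offer are constructed assumptions, and the real protocol adds extra conditions when picking the kex and host key pair.

```python
# Simplified SSH negotiation: for each category, pick the first algorithm on
# the client's list that the server also offers (RFC 4253, section 7.1).
CATEGORIES = ("kex", "host_key", "cipher", "mac")


def negotiate(client, server):
    """Return ({category: chosen algorithm}, [categories with no overlap])."""
    chosen, failed = {}, []
    for cat in CATEGORIES:
        match = next((alg for alg in client[cat] if alg in server[cat]), None)
        if match is None:
            failed.append(cat)
        else:
            chosen[cat] = match
    return chosen, failed


def with_override(client, **lists):
    """Copy of the client offer with some category lists replaced."""
    return {**client, **lists}


# kex / cipher / mac: as listed by SSHCOM in the thread.
# host_key: NOT shown on the page; constructed assumption (SHA-1 era names only).
CLIENT = {
    "kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha256"],
    "host_key": ["ssh-rsa", "ssh-dss"],
    "cipher": ["aes256-gcm", "aes128-gcm", "aes256-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-256", "hmac-sha2-512"],
}

# Constructed server offer for a host that only signs with SHA-2 or newer keys.
SERVER = {
    "kex": ["curve25519-sha256", "diffie-hellman-group-exchange-sha256"],
    "host_key": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"],
    "cipher": ["aes256-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-256", "hmac-sha2-512"],
}

if __name__ == "__main__":
    print("as configured:", negotiate(CLIENT, SERVER))
    # Restricting KEX, as tried with -o KEXALGORITHMS, leaves host_key unmatched.
    kex_only = with_override(CLIENT, kex=["diffie-hellman-group-exchange-sha256"])
    print("kex narrowed :", negotiate(kex_only, SERVER))
    # A client that also offers an SHA-2 RSA host key algorithm negotiates fully.
    newer = with_override(CLIENT, host_key=["rsa-sha2-256", "ssh-rsa"])
    print("host key added:", negotiate(newer, SERVER))
```
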

Kee_aus
Advisor
Solution

Re: NonStop sftp SSH: cause to disconnect: failed to negotiate host key algorithm

Solved by upgrading SSH2 object to 

vproc $system.zssh.ssh2
VPROC - T9617H01 - (03 MAY 2016) SYSTEM \TAND2 Date 18 JUN 2024, 11:03:55
Copyright 1986-2016 Hewlett Packard Enterprise Development LP


$SYSTEM.ZSSH.SSH2
Binder timestamp: 10MAY2023 12:28:43 LCT, 10MAY2023 02:28:43 GMT
Version procedure: T9999L02_23JAN2023_comForte_SSH2_10_15_1
Version procedure: T9999L02_15JUL2021_comForte_EMSLGR_1_1_1
Version procedure: T9999L02_07APR2022_comForte_CPPHLPR_1_6_6
Version procedure: S7053L01^25AUG15^LOAD^ABI^02JUL
Version procedure: T9999L02_16SEP2019_comForte_SWTCHUSR_1_1_6
Version procedure: T8432L01_01FEB2017_CCPMAINX_24JAN2017_ACE
Version procedure: T9999L02_25JAN2023_comForte_CPPBASE_2_12_4
Version procedure: T0801L02_21JUL2023_ADS
Version procedure: T9999L02_26JUL2021_comForte_AESNI_2_0_0
Version procedure: T9999L02_16MAY2022_comForte_CRYPTOPP_8_2_12
Version procedure: T8432L01_01MAY2016_CRTLNSX_08MAR2016_ACD
TNS/X Native Mode: runnable file

Sunitha_Mod
Honored Contributor

Re: NonStop sftp SSH: cause to disconnect: failed to negotiate host key algorithm

Hello @Kee_aus,

That's excellent!

We are happy to hear you were able to find the solution and we appreciate you for keeping us updated.