Authentication server fails to connect to Management Console (MC); the sdotun service is not started or is flapping (restarts every few milliseconds).
The issue:
When connecting to the management nodes over ssh, the following error message is received:
Unable to negotiate with UNKNOWN port 65535: no matching key exchange method found. Their offer: curve25519-sha256
Adding "-o KexAlgorithms=curve25519-sha256" to enable the key exchange algorithm then produces the following error:
Unable to negotiate with UNKNOWN port 65535: no matching cipher found. Their offer: chacha20-poly1305@openssh.com
Adding "-o KexAlgorithms=curve25519-sha256 -o Ciphers=chacha20-poly1305@openssh.com" to the ssh parameters makes the error go away.
When you check the journal, you can see the following message: Unable to negotiate with UNKNOWN port 65535: no matching key exchange method found. Their offer: curve25519-sha256
When you try to connect to the MC as the sdo user using ssh, you will see the following error:
When you try to connect to the MC as the sdo user using ssh -v, you will see the following error:
Cause:
The allowed algorithms in /etc/crypto-policies/back-ends/openssh.config differ from those on other, working nodes.
On the node that had this issue, /etc/crypto-policies/back-ends/openssh.config is a link to /usr/share/crypto-policies/FIPS/openssh.txt, while on working nodes it is a link to /usr/share/crypto-policies/DEFAULT/openssh.txt, which has a wider list of algorithms.
Fix:
Switching to /usr/share/crypto-policies/DEFAULT/openssh.txt with a soft link fixed the issue (-f replaces the existing link):
ln -sf /usr/share/crypto-policies/DEFAULT/openssh.txt /etc/crypto-policies/back-ends/openssh.config
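To confirm the mismatch described under Cause on a given node, before or after the fix, the following check can be used. It is an added example, not part of the original article; the function names are hypothetical, and it assumes the policy file uses the ssh_config "Keyword value,value,..." layout.

```shell
#!/bin/sh
# Added diagnostic example (not from the original article).
# Assumption: the policy file has lines such as
#   KexAlgorithms curve25519-sha256,ecdh-sha2-nistp256

# Print the policy directory name (e.g. FIPS, DEFAULT) a back-end link points to.
policy_of_link() {
    [ -L "$1" ] || { echo "not-a-symlink"; return 1; }
    basename "$(dirname "$(readlink -f "$1")")"
}

# Succeed if keyword $2 in policy file $1 lists algorithm $3.
policy_allows() {
    awk -v key="$2" -v alg="$3" '
        tolower($1) == tolower(key) {
            n = split($2, list, ",")
            for (i = 1; i <= n; i++) if (list[i] == alg) found = 1
        }
        END { exit !found }' "$1"
}

# Report the active policy and whether it permits the two algorithms
# named in the negotiation errors. Returns 1 if either is missing.
check_node() {
    cfg=${1:-/etc/crypto-policies/back-ends/openssh.config}
    rc=0
    echo "policy: $(policy_of_link "$cfg")"
    while read -r key alg; do
        if policy_allows "$cfg" "$key" "$alg"; then
            echo "$key $alg: allowed"
        else
            echo "$key $alg: NOT allowed"
            rc=1
        fi
    done <<EOF
KexAlgorithms curve25519-sha256
Ciphers chacha20-poly1305@openssh.com
EOF
    return $rc
}

# Usage: check_node            (checks the system path)
#        check_node /some/other/openssh.config
```

Running check_node on the affected node and on a working node shows both the linked policy and which of the two algorithms is missing.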