Authentication server fails to connect to Management Console (MC), sdotun service is not started or flapping (restarts every a few milliseconds.
The issue:
When ssh to management nodes, receiving following error message:
Unable to negotiate with UNKNOWN port 65535: no matching key exchange method found. Their offer: curve25519-sha256 Unable to negotiate with UNKNOWN port 65535: no matching key exchange method found. Their offer: curve25519-sha256
Use “-o KexAlgorithms=curve25519-sha256” to enable the key exchange algorithm, then receiving following error:
Unable to negotiate with UNKNOWN port 65535: no matching cipher found. Their offer: [email protected]
Added “-o KexAlgorithms=curve25519-sha256 -o cipher=chacha20-po[email protected]” to ssh parameters, the issue is gone.
When you run journal, you can see the following print: Unable to negotiate with UNKNOWN port 65535: no matching key exchange method found. Their offer: curve25519-sha256
When you try to connect with sdo user to MC using ssh, you will see the following error:
When you try to connect with sdo user to MC using ssh -v, you will see the following error:
Cause:
Allowed algorithms in /etc/crypto-policies/back-ends/openssh.config is different from other working nodes.
On the node had this issue, /etc/crypto-policies/back-ends/openssh.config is link to /usr/share/crypto-policies/FIPS/openssh.txt while working nodes are link to /usr/share/crypto-policies/DEFAULT/openssh.txt which has a wider list of algorithms.
Fix:
Switch to /usr/share/crypto-policies/DEFAULT/openssh.txt fixed the issue with a soft link:
ln -s /usr/share/crypto-policies/DEFAULT/openssh.txt /etc/crypto-policies/back-ends/openssh.config
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article