Unable to negotiate with UNKNOWN port 65535: no matching key exchange method found. - Secret Double Octopus

Symptom: the Authentication Server fails to connect to the Management Console (MC); the sdotun service does not start, or flaps (restarts every few milliseconds).

The issue:

When connecting to the management nodes with ssh from the affected node, the following error is returned:

Unable to negotiate with UNKNOWN port 65535: no matching key exchange method found. Their offer: curve25519-sha256

The "UNKNOWN port 65535" part typically means ssh could not determine the peer address because the connection is not a plain TCP socket (for example, it goes through a ProxyCommand or a tunnel); it is not a sign of a wrong port. The "Their offer" part is the important one: the server offers exactly one key exchange method, and the client on the affected node is not allowed to use it.

Adding "-o KexAlgorithms=curve25519-sha256" to the ssh command line enables that key exchange algorithm, after which the next error appears:

Unable to negotiate with UNKNOWN port 65535: no matching cipher found. Their offer: chacha20-poly1305@openssh.com

With both "-o KexAlgorithms=curve25519-sha256 -o Ciphers=chacha20-poly1305@openssh.com" on the ssh command line, the connection succeeds. (The ssh_config keyword is Ciphers; current OpenSSH rejects "-o cipher=..." as a bad configuration option.) These overrides only affect that single interactive ssh session. The sdotun service uses the system-wide policy and keeps failing until the policy itself is corrected (see Cause and Fix below).


When you run journalctl on the affected node, the same message is logged: Unable to negotiate with UNKNOWN port 65535: no matching key exchange method found. Their offer: curve25519-sha256

When you try to connect to MC with ssh as the sdo user, you will see the same error; with ssh -v the client prints the key exchange negotiation in detail before failing. (Screenshots from the original article are not reproduced here.)

Cause:

The list of allowed algorithms in /etc/crypto-policies/back-ends/openssh.config differs from the one on the working nodes.

On the affected node, /etc/crypto-policies/back-ends/openssh.config is a symlink to /usr/share/crypto-policies/FIPS/openssh.txt, whereas on the working nodes it links to /usr/share/crypto-policies/DEFAULT/openssh.txt, which allows a wider list of algorithms. The FIPS policy does not include curve25519-sha256 or chacha20-poly1305@openssh.com (neither is FIPS-approved), and those are the only key exchange method and cipher MC offers, so the negotiation has no common algorithm and fails.

This link is normally set by update-crypto-policies (directly with --set FIPS, or indirectly by fips-mode-setup --enable), so the affected node was most likely switched to the FIPS policy at some point. Check the active policy with "update-crypto-policies --show" and "fips-mode-setup --check" before changing anything; "ls -l /etc/crypto-policies/back-ends/openssh.config" shows the link target directly.

 

Fix:

Point the back-end config back at /usr/share/crypto-policies/DEFAULT/openssh.txt. The supported way is "update-crypto-policies --set DEFAULT", which regenerates every link under /etc/crypto-policies/back-ends/. Replacing just the one symlink by hand also resolves the issue (the -f/-n flags are needed because the link already exists; plain "ln -s" fails with "File exists"):


ln -sfn /usr/share/crypto-policies/DEFAULT/openssh.txt /etc/crypto-policies/back-ends/openssh.config

Caveats: a hand-made link is overwritten the next time update-crypto-policies runs, so prefer the --set form when possible. Switching the policy to DEFAULT takes the node out of a FIPS-compliant configuration; if the node is required to stay in FIPS mode, the peer (MC) has to offer FIPS-approved algorithms instead, and the policy should not be relaxed. After the change, "ssh -G <mc-host> | grep -Ei '^(kexalgorithms|ciphers) '" prints the lists the ssh client will actually propose under the active policy, which should now contain curve25519-sha256 and chacha20-poly1305@openssh.com.
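The diagnosis and fix above can be scripted so that every node is checked the same way. The following POSIX shell script is an added example, not part of the original article or of the Secret Double Octopus product: it resolves which policy the back-end symlink points to, checks whether that policy file lists the key exchange method and cipher the peer offers, and demonstrates the before/after state on constructed stand-in policy files in a temporary directory (the file contents are illustrative, not the real RHEL policy files). The function names (crypto_policy_of, policy_allows, check_peer_compat, demo) are this example's own.

```shell
#!/bin/sh
# Added example: check a node's OpenSSH crypto-policy link against the
# algorithms the peer (MC) offers. Run with --demo for a self-contained run
# on constructed files; on a real node call the functions against
# /etc/crypto-policies/back-ends/openssh.config.

# Print the policy name (DEFAULT, FIPS, ...) a back-end config symlink resolves
# to. Links look like /usr/share/crypto-policies/<POLICY>/openssh.txt.
# Returns 1 if the path is not a symlink.
crypto_policy_of() {
    target=$(readlink "$1") || return 1
    target=${target%/*}            # drop the trailing /openssh.txt
    printf '%s\n' "${target##*/}"  # keep the policy directory name
}

# Return 0 if the "<keyword> a,b,c" line of a policy file lists <algo>.
# keyword is KexAlgorithms or Ciphers, in the client openssh.txt syntax.
policy_allows() {
    file=$1 keyword=$2 algo=$3
    sed -n "s/^${keyword}[[:space:]]*//p" "$file" | tr ',' '\n' | grep -qx -- "$algo"
}

# Verify that the policy linked from <cfg> permits the peer's only KEX and
# cipher. Returns 0 when both are allowed, 1 when either is missing, 2 when
# <cfg> is not a symlink into the policy tree.
check_peer_compat() {
    cfg=$1 kex=$2 cipher=$3
    policy=$(crypto_policy_of "$cfg") || { echo "$cfg: not a symlink"; return 2; }
    file=$(readlink "$cfg")
    rc=0
    policy_allows "$file" KexAlgorithms "$kex" \
        || { echo "$policy policy does not allow KexAlgorithms $kex"; rc=1; }
    policy_allows "$file" Ciphers "$cipher" \
        || { echo "$policy policy does not allow Ciphers $cipher"; rc=1; }
    [ "$rc" -eq 0 ] && echo "$policy policy allows $kex and $cipher"
    return "$rc"
}

# Self-contained demonstration on constructed files (NOT the real contents of
# the RHEL policy files, only the relevant shape). Returns 0 when the fixed
# link passes the compatibility check.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/FIPS" "$tmp/DEFAULT" "$tmp/back-ends"
    printf '%s\n' \
        'Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com' \
        'KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group14-sha256' \
        > "$tmp/FIPS/openssh.txt"
    printf '%s\n' \
        'Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr' \
        'KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256' \
        > "$tmp/DEFAULT/openssh.txt"
    cfg=$tmp/back-ends/openssh.config
    ln -s "$tmp/FIPS/openssh.txt" "$cfg"       # the affected node's state

    echo "policy: $(crypto_policy_of "$cfg")"
    check_peer_compat "$cfg" curve25519-sha256 chacha20-poly1305@openssh.com || :

    ln -sfn "$tmp/DEFAULT/openssh.txt" "$cfg"  # the fix; -f because the link exists
    echo "policy: $(crypto_policy_of "$cfg")"
    check_peer_compat "$cfg" curve25519-sha256 chacha20-poly1305@openssh.com
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

case ${1:-} in --demo) demo ;; esac
```

On a real node, "check_peer_compat /etc/crypto-policies/back-ends/openssh.config curve25519-sha256 chacha20-poly1305@openssh.com" reports exactly which of the two algorithms the active policy blocks, and its exit code can gate a fleet-wide check. The policy file parser expects the client-side openssh.txt layout (keyword, space, comma-separated list); the server-side opensshserver.txt uses a different shape and would need its own parser.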
