Unable to remotely install JBoss ON agent due to failure to find matching key exchange algorithm

Solution Verified - Updated

Environment

  • Red Hat JBoss Operations Network (ON) 3.3
  • remote installation of agent through UI's SSH utility

Issue

  • Cannot install agent due to ssl error

  • target machine includes below message in /var/log/messages:

    fatal: Unable to negotiate with 10.202.224.48 port 45748: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]

  • JBoss ON server.log contains error similar to:

    ERROR [org.jboss.as.ejb3.invocation] (http-0.0.0.0:7080-1) JBAS014134: EJB Invocation failed on component RemoteInstallManagerBean for method public abstract void org.rhq.enterprise.server.install.remote.RemoteInstallManagerRemote.checkSSHConnection(org.rhq.core.domain.auth.Subject,org.rhq.core.domain.install.remote.RemoteAccessInfo) throws org.rhq.core.domain.install.remote.SSHSecurityException: javax.ejb.EJBException: java.lang.RuntimeException: Failed SSH connection
	...
Caused by: java.lang.RuntimeException: Failed SSH connection
	...
Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
	at com.jcraft.jsch.Session.receive_kexinit(Session.java:583) [jsch-0.1.51.jar:]
	at com.jcraft.jsch.Session.connect(Session.java:320) [jsch-0.1.51.jar:]
	at org.rhq.enterprise.server.install.remote.SSHInstallUtility.connect(SSHInstallUtility.java:216) [rhq-server.jar:4.12.0.JON330GA-redhat-7]
	... 107 more

Resolution

This issue should be resolved in JBoss ON 3.3 Update-09 (3.3.9) and later as the underlying secure shell implementation has been updated with new ciphers.

If you are unable to update or there are insufficient ciphers on the remote system, you will either need to install the agent locally on the target system (downloading the agent from http://jonserver:7080/agentupdate/download or add the missing ciphers to the target system's SSH daemon.

SBR
Product(s)
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.