Discovering Linux workload states access denied

  • 7018214
  • 31-Oct-2016
  • 11-Nov-2016

Environment

NetIQ PlateSpin Protect 11.x
NetIQ PlateSpin Forge 4.x, 11.x
NetIQ PlateSpin Migrate 11x, 12.x

Situation

1)    Discovering a Linux workload using the correct credentials states access denied.

2)    Connecting to the machine via putty returns:
Server unexpectedly closed network connection.

3)    The sshd log on the server reports:
Fatal: no matching ciper found

Resolution

One of the below solutions should resolve the issue:
A)    Comment the Ciphers line by putting a # in front of it in /etc/ssh/sshd_config
1)    Once that is finished restart the sshd service.
a.     service ssh restart
Or
b.    /etc/init.d/sshd restart
2)    reattempt the workload discovery


B)    Modify the Cipher line in the sshd_config file to read:
Ciphers aes128-cbc,serpent192-cbc,cast128-cbc,twofish128-cbc,aes192-cbc,serpent256-cbc,twofish192-cbc,aes256-cbc,serpent128-cbc,blowfish-cbc,twofish256-cbc,3des-cbc
1)    Once that is finished restart the sshd service.
a.     service ssh restart
Or
b.    /etc/init.d/sshd restart
2)    reattempt the workload discovery

C)    Contact your operating system vendor and verify one of the following ciphers is enabled for the sshd service: aes128-cbc,serpent192-cbc,cast128-cbc,twofish128-cbc,aes192-cbc,serpent256-cbc,twofish192-cbc,aes256-cbc,serpent128-cbc,blowfish-cbc,twofish256-cbc,3des-cbc
a.    reattempt the workload discovery.

Cause

Platespin supports the following ssh ciphers:
aes128-cbc,serpent192-cbc,cast128-cbc,twofish128-cbc,aes192-cbc,serpent256-cbc,twofish192-cbc,aes256-cbc,serpent128-cbc,blowfish-cbc,twofish256-cbc,3des-cbc

 These are required by the ssh client so the dh_handshake can take place with the server before attempting to authenticate a password. If you are in this situation the connection is failing before any authentication takes place, as the ssh client and server cannot negotiate the encryption settings for the session.