Issue with ssh tests after update

All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Servie, RCC).
Post Reply
Lukas
Posts: 3
Joined: Fri Sep 13, 2024 3:13 pm

Issue with ssh tests after update

Post by Lukas »

Hello,

After the update to the latest stable version of hostmonitor we noticed issues with SSH tests
Current version of hostmonitor: 13.80 (with corresponding agent version)
Target version: 14.54 (with corresponding agent version)
By corresponding we mean the version installed by the hostmonitor via the update from RMA manager

Error code on tests:
"RMA: 301 - The negotiation of mac algorithm is failed (hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512 <-> hmac-sha1,hmac-sha1-96)""

What is affected:
SSH tests on active agents after agents have been updated to the latest stable version. If hostmonitor is updated, but agents are left untouched there is no error. Keeping such setup is not possible for us as hostmonitors agent handles a lot of critical tests and it updates along the hostmonitor.

What have we tried:
  • Update to 14.01 instead, with the same result
  • Adding below line to the ini files of hostmonitor and agent according to the notes
    [SSH]
    KeyExchangeAlgorithms = curve25519-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
Could anyone provide any suggestion on how to handle this issue?
KS-Soft
Posts: 12873
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:

Re: Issue with ssh tests after update

Post by KS-Soft »

1) You can adjust KeyExchangeAlgorithms in version 14.54, not in 14.01
2) Its not KeyExchangeAlgorithms, its HMAC algorithms in your case

Quote from What's new section
If you need to enable older protocols, such as hmac-sha1 or hmac-md5, add HMACAlgorithms line to the [SSH] section of hostmon.ini file and restart HostMonitor. E.g.
[SSH]
HMACAlgorithms=hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5
Regards
Alex
Lukas
Posts: 3
Joined: Fri Sep 13, 2024 3:13 pm

Re: Issue with ssh tests after update

Post by Lukas »

Silly me, thank you for pointing that out!
By the way, is there like a list of all possible configuration options to be set in the ini file along with their explanations? That would help greatly during further configuration changes/issues.
KS-Soft
Posts: 12873
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:

Re: Issue with ssh tests after update

Post by KS-Soft »

Sorry, no such public list. Customers should not change most of hidden options except some rare cases. But may be we should make visible and document some of these options :roll:
Probably we can start from short list of such option in FAQ section

Regards
Alex
KS-Soft
Posts: 12873
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:

Re: Issue with ssh tests after update

Post by KS-Soft »

There are some options that might be useful
https://www.ks-soft.net/cgi-bin/phpBB/v ... php?t=8578

Regards
Alex
Post Reply