This problem has been posted a couple of times, but no solution helps me. We have multiple linux systems with Suse Linux Enterprise Server 11 FixPack 4. On these systems, the ssh probes (e.g. ssh disk space) functions well. Authentication is done by private key / public key. But after upgrading to SLES 12.3, the authentication fails.

default ssh engine

Message of the probe: Failed to connect. Please check the SSH log of the target device or try the Compatibility Mode of the sensor's SSH engine and consider updating the target system's operating system. Reason: ssh_userauth_publickey failed (-1)Socket error: disconnected

Message in target log: fatal: Access denied for user prtg by PAM account configuration [preauth]

Compatibility Mode ssh engine

Message of the probe: The negotiation of encryption algorithm is failed

Message in target log: no matching cipher found. Their offer: blowfish-cbc,cast128-cbc,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc [preauth]

"ssh -Q cipher" on the target

3des-cbc blowfish-cbc cast128-cbc arcfour arcfour128 arcfour256 aes128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com chacha20-poly1305@openssh.com

What may be the next step to get deeper?


Article Comments

Hi there,

Maybe something is wrong with the private key after the update. Could you please try to regenerate the key for the system and add it to PRTG anew?

Please let me know if this helped.

Thank you!


Andreas Günther
Tech Support, Paessler AG


Sep, 2018 - Permalink

Hi,

the private key is located on our prtg machine. This one has not been updated and there are ssh sensors that functions. The problem occurs when the prtg user of the prtg machine is connecting to a monitored machine, that has been upgraded. I removed and re-added the prtg user on the monitored machine with no effect. I don't want to regenerate the private key because then I have to sync it to all monitored machines.

Any further hints?


Sep, 2018 - Permalink

Hi there,

I understand.

Please test if you're able to manual connect to the target with the private key, for example with putty. Is it working?

Please also check the auth.log on the target machine.

Thank you!


Andreas Günther
Tech Support, Paessler AG


Sep, 2018 - Permalink

Is there a way to get the private key out of the prtg installation? Cause we have it only in the prtg system and (of course) in the prtg configuration backup. After that I will gladly test the authentication with putty.


Sep, 2018 - Permalink

Hi there,

I'm afraid due to security reasons it's not possible to extract the private key out of PRTG.

Were you able to check the auth.log on the target machine?


Andreas Günther
Tech Support, Paessler AG


Sep, 2018 - Permalink

Good news: I managed to "solve" this issue by giving the prtg user a password on the target machine. Before that, only key based authentication was supported. I added a password because I wanted to test the key based authentication for the prtg user (I needed the password for ssh-copy-id). I'm not investigating further.


Sep, 2018 - Permalink

Hey,

Great you've found a solution, and also thank you for letting me know! :)


Andreas Günther
Tech Support, Paessler AG


Sep, 2018 - Permalink