This problem has been posted a couple of times, but no solution helps me. We have multiple linux systems with Suse Linux Enterprise Server 11 FixPack 4. On these systems, the ssh probes (e.g. ssh disk space) functions well. Authentication is done by private key / public key. But after upgrading to SLES 12.3, the authentication fails.
default ssh engine
Message of the probe: Failed to connect. Please check the SSH log of the target device or try the Compatibility Mode of the sensor's SSH engine and consider updating the target system's operating system. Reason: ssh_userauth_publickey failed (-1)Socket error: disconnected
Message in target log: fatal: Access denied for user prtg by PAM account configuration [preauth]
Compatibility Mode ssh engine
Message of the probe: The negotiation of encryption algorithm is failed
Message in target log: no matching cipher found. Their offer: blowfish-cbc,cast128-cbc,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc [preauth]
"ssh -Q cipher" on the target
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
What may be the next step to get deeper?
Article Comments
Hi,
the private key is located on our prtg machine. This one has not been updated and there are ssh sensors that functions. The problem occurs when the prtg user of the prtg machine is connecting to a monitored machine, that has been upgraded. I removed and re-added the prtg user on the monitored machine with no effect. I don't want to regenerate the private key because then I have to sync it to all monitored machines.
Any further hints?
Sep, 2018 - Permalink
Hi there,
I understand.
Please test if you're able to manual connect to the target with the private key, for example with putty. Is it working?
Please also check the auth.log on the target machine.
Thank you!
Andreas Günther
Tech Support, Paessler AG
Sep, 2018 - Permalink
Is there a way to get the private key out of the prtg installation? Cause we have it only in the prtg system and (of course) in the prtg configuration backup. After that I will gladly test the authentication with putty.
Sep, 2018 - Permalink
Hi there,
I'm afraid due to security reasons it's not possible to extract the private key out of PRTG.
Were you able to check the auth.log on the target machine?
Andreas Günther
Tech Support, Paessler AG
Sep, 2018 - Permalink
Good news: I managed to "solve" this issue by giving the prtg user a password on the target machine. Before that, only key based authentication was supported. I added a password because I wanted to test the key based authentication for the prtg user (I needed the password for ssh-copy-id). I'm not investigating further.
Sep, 2018 - Permalink
Hey,
Great you've found a solution, and also thank you for letting me know! :)
Andreas Günther
Tech Support, Paessler AG
Sep, 2018 - Permalink
Hi there,
Maybe something is wrong with the private key after the update. Could you please try to regenerate the key for the system and add it to PRTG anew?
Please let me know if this helped.
Thank you!
Andreas Günther
Tech Support, Paessler AG
Sep, 2018 - Permalink