Scheduled Backup: Could not establish connection

[ksafa]

Hello,
When attempting to test the connectivity for SSH scheduled backup i get error stating "Count not establish connection to host X.X.X.X". When looking on the destination security log (/var/log/secure) I see the below entry.

Oct 26 19:10:20 XXXXXXXXX sshd[19912]: Unable to negotiate with XX.XX.XX.XX port 49814: no matching MAC found. Their offer: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected] [preauth]

These are newly installed RHEL7 servers. Not sure if issue is on Nagios side or the destination server side. Any idea what could be going on here?

Thanks

[lmiltchev]

Can you upload the /etc/ssh/ssh_config file from the Nagios XI server, and the /etc/ssh/sshd_config file from the remote machine on the forum?

Have you done any "hardening" on these machines?

You can try debugging the issues by following the steps, outlined in this article:
https://blog.tinned-software.net/debug- ... -exchange/

[ksafa]

Sent you message.

Both Nagios Host and destination have same sshd_config file.

Thanks

[ssax]

Your /etc/ssh/sshd_config on the remote SSH server has specific Ciphers and MACs defined:

Code: Select all

Ciphers aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]

By default they are not usually defined so when the nagios server tries to connect it's likely using an unsupported Cipher/MAC. You will need to modify the /etc/ssh/ssh_config (this is a different file, not /etc/ssh/sshd_config) file on your nagios server to include those Ciphers/MACs so that when it tries to connect it works.

[ksafa]

Issue was resolved by adding MACs. Issue can be closed.

Thanks