Nagios Support Forum

Hi Experts,

We have Nagios XI 5.6.10 and 5.6.6 in our environment.
We are trying to monitor HP UX 11.0 running with SSH: 2.4.0 on hppa1.1-hp-hpux11.00 with SSH cypher algorithm check. At present we are enable to SSH to this server from Nagios XI even though the required user with expected privileges is configured.

Can you please suggest how can we connect to this server considering the old version and ciphers in place.


Regards
Vishal Dhote

Can you please post the output from running the following command?:

Also, what is the output from the following command?

Hi,

Please find the below output:

[nagios@<NagiosServer> ~]$ ssh -vv <IP Address of HP UX Server>
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "<IP Address of HP UX Server>" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to <IP Address of HP UX Server> [<IP Address of HP UX Server>] port 22.
debug1: Connection established.
debug1: identity file /home/nagios/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nagios/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nagios/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nagios/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nagios/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nagios/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nagios/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nagios/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version 2.4.0 SSH Secure Shell
debug1: match: 2.4.0 SSH Secure Shell pat 2.* compat 0x02800040
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to <IP Address of HP UX Server>:22 as 'nagios'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: [email protected],ssh-dss,[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss
debug2: ciphers ctos: 3des-cbc,blowfish-cbc,twofish-cbc,arcfour,cast128-cbc,3des-ecb,3des-cfb,3des-ofb,cast128-ecb,cast128-cfb,cast128-ofb,cast128-12-ecb,cast128-12-cbc,cast128-12-cfb,cast128-12-ofb,blowfish-ecb,blowfish-cfb,blowfish-ofb,des-ecb,des-cbc,des-cfb,des-ofb,twofish-ecb,twofish-cfb,twofish-ofb
debug2: ciphers stoc: 3des-cbc,blowfish-cbc,twofish-cbc,arcfour,cast128-cbc,3des-ecb,3des-cfb,3des-ofb,cast128-ecb,cast128-cfb,cast128-ofb,cast128-12-ecb,cast128-12-cbc,cast128-12-cfb,cast128-12-ofb,blowfish-ecb,blowfish-cfb,blowfish-ofb,des-ecb,des-cbc,des-cfb,des-ofb,twofish-ecb,twofish-cfb,twofish-ofb
debug2: MACs ctos: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160-96,sha1-8,sha1,md5-8,md5,ripemd160-8,ripemd160
debug2: MACs stoc: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160-96,sha1-8,sha1,md5-8,md5,ripemd160-8,ripemd160
debug2: compression ctos: none,zlib
debug2: compression stoc: none,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-dss
Unable to negotiate with <IP Address of HP UX Server> port 22: no matching cipher found. Their offer: 3des-cbc,blowfish-cbc,twofish-cbc,arcfour,cast128-cbc,3des-ecb,3des-cfb,3des-ofb,cast128-ecb,cast128-cfb,cast128-ofb,cast128-12-ecb,cast128-12-cbc,cast128-12-cfb,cast128-12-ofb,blowfish-ecb,blowfish-cfb,blowfish-ofb,des-ecb,des-cbc,des-cfb,des-ofb,twofish-ecb,twofish-cfb,twofish-ofb

[nagios@<NagiosServer> ~]$ nmap -Pn -T4 -sC -p 22 <IP Address of HP UX Server>
Starting Nmap 6.47 ( http://nmap.org ) at 2021-01-14 13:49 AEDT
Nmap scan report for <HPUX Server> (<IP Address of HP UX Server>)
Host is up (0.0015s latency).
PORT STATE SERVICE
22/tcp open ssh
| ssh-hostkey:
|_ 1024 d4:fc:fb:f9:d5:77:a1:42:7f:e1:07:25:a4:8e:08:3c (DSA)
Nmap done: 1 IP address (1 host up) scanned in 16.14 seconds

You can try using this with check_by_ssh:
That is what you're trying to use, right?

You can also try passing the -o option and do this: