[ovirt-users] adding new node through WAN - fatal: Unable to negotiate a key exchange method [preauth]

Grzegorz Szypa grzegorz.szypa at gmail.com
Sat Jan 7 07:22:12 UTC 2017 

Hi.

I made some changes and now there are fresh installations, and durring add
new node I got the same issue:

2017-01-07 07:44:08,847 ERROR
[org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-49)
[c5fb7a0] Failed to establish session with host 'node1': SSH session closed
during connection 'root at 10.30.30.51'
2017-01-07 07:44:08,847 WARN
 [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-49)
[c5fb7a0] Validation of action 'AddVds' failed for user
admin at internal-authz. Reasons: VAR__ACTION__ADD,VAR__TYPE__HOST,$server
10.30.30
.51,VDS_CANNOT_CONNECT_TO_SERVER

on both servers are this fresh installed system:

CentOS Linux release 7.3.1611 (Core)

Here are some informations about you asked last time:

[root at ovirt ovirt-engine]# rpm -qa | grep ovirt
ovirt-imageio-common-0.4.0-1.el7.noarch
python-ovirt-engine-sdk4-4.0.2-1.el7.centos.x86_64
ovirt-imageio-proxy-setup-0.4.0-0.201608310602.gita9b573b.el7.centos.noarch
ovirt-engine-websocket-proxy-4.0.5.5-1.el7.centos.noarch
ovirt-engine-dashboard-1.0.5-1.el7.centos.noarch
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.0.5.5-1.el7.centos.noarch
ovirt-engine-backend-4.0.5.5-1.el7.centos.noarch
ovirt-engine-extension-aaa-jdbc-1.1.1-1.el7.noarch
ovirt-host-deploy-1.5.3-1.el7.centos.noarch
ovirt-engine-wildfly-overlay-10.0.0-1.el7.noarch
ovirt-engine-setup-base-4.0.5.5-1.el7.centos.noarch
ovirt-vmconsole-proxy-1.0.4-1.el7.centos.noarch
ovirt-host-deploy-java-1.5.3-1.el7.centos.noarch
ovirt-release40-4.0.5-2.noarch
ovirt-engine-setup-plugin-ovirt-engine-common-4.0.5.5-1.el7.centos.noarch
ovirt-engine-dwh-4.0.5-1.el7.centos.noarch
ovirt-imageio-proxy-0.4.0-0.201608310602.gita9b573b.el7.centos.noarch
ovirt-engine-setup-plugin-websocket-proxy-4.0.5.5-1.el7.centos.noarch
ovirt-iso-uploader-4.0.2-1.el7.centos.noarch
ovirt-engine-dbscripts-4.0.5.5-1.el7.centos.noarch
ovirt-engine-webadmin-portal-4.0.5.5-1.el7.centos.noarch
ovirt-engine-setup-4.0.5.5-1.el7.centos.noarch
ovirt-engine-vmconsole-proxy-helper-4.0.5.5-1.el7.centos.noarch
ovirt-engine-userportal-4.0.5.5-1.el7.centos.noarch
ovirt-engine-restapi-4.0.5.5-1.el7.centos.noarch
ovirt-setup-lib-1.0.2-1.el7.centos.noarch
ovirt-engine-sdk-python-3.6.9.1-1.el7.centos.noarch
ovirt-engine-extensions-api-impl-4.0.5.5-1.el7.centos.noarch
ovirt-engine-wildfly-10.1.0-1.el7.x86_64
ovirt-engine-lib-4.0.5.5-1.el7.centos.noarch
ovirt-vmconsole-1.0.4-1.el7.centos.noarch
ovirt-engine-cli-3.6.8.1-1.el7.centos.noarch
ovirt-engine-dwh-setup-4.0.5-1.el7.centos.noarch
ovirt-engine-tools-backup-4.0.5.5-1.el7.centos.noarch
ovirt-image-uploader-4.0.1-1.el7.centos.noarch
ovirt-engine-tools-4.0.5.5-1.el7.centos.noarch
ovirt-engine-setup-plugin-ovirt-engine-4.0.5.5-1.el7.centos.noarch
ovirt-engine-4.0.5.5-1.el7.centos.noarch


[root at ovirt ovirt-engine]# tail -33f server.log
2017-01-07 07:44:08,843 INFO
 [org.apache.sshd.client.session.ClientSessionImpl]
(sshd-SshClient[4b16ff17]-nio2-thread-2) Server version string:
SSH-2.0-OpenSSH_6.6.1
2017-01-07 07:44:08,844 WARN
 [org.apache.sshd.client.session.ClientSessionImpl]
(sshd-SshClient[4b16ff17]-nio2-thread-2) Exception caught:
java.lang.IllegalStateException: Unable to negotiate key exchange for kex
algorithms (client:
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1
/ server:
diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1)
        at
org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1109)
        at
org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:357)
        at
org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:295)
        at
org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:256)
        at
org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:731)
        at
org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:277)
        at
org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
        at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:187)
        at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
        at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
        at java.security.AccessController.doPrivileged(Native Method)
[rt.jar:1.8.0_111]
        at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
[rt.jar:1.8.0_111]
        at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)
[rt.jar:1.8.0_111]
        at
sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)
[rt.jar:1.8.0_111]
        at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276)
[rt.jar:1.8.0_111]
        at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297)
[rt.jar:1.8.0_111]
        at
java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420)
[rt.jar:1.8.0_111]
        at
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)
        at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:189)
        at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
        at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
        at java.security.AccessController.doPrivileged(Native Method)
[rt.jar:1.8.0_111]
        at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
[rt.jar:1.8.0_111]
        at sun.nio.ch.Invoker$2.run(Invoker.java:218) [rt.jar:1.8.0_111]
        at
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
[rt.jar:1.8.0_111]
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_111]
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_111]
        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111]



In the end server (oVirt Node) in /var/log/secure.log:

Jan  7 08:10:26 ns3047117 sshd[30377]: fatal: Unable to negotiate a key
exchange method [preauth]

2016-12-01 8:22 GMT+01:00 Yedidyah Bar David <didi at redhat.com>:

> (Adding the list. Please reply also to the list and not only
> to specific people. Thanks).
>
> On Wed, Nov 30, 2016 at 9:01 PM, Grzegorz Szypa
> <grzegorz.szypa at gmail.com> wrote:
> > Hi.
> >
> > It works.
> >
> > Problem I think are in other side, maybe I explain my landscape:
> >
> > oVirt Engine is VM on after NAT, but currectly this way are disabled and
> now
> > only work direct access to Internet via dedicated WAN IP, and oVirt Node
> are
> > VM also under separat WAN IP, but still the same problem. I think there
> is
> > no problem with SSH configuration because setting it as self-hosted
> engine
> > work fine
>
> What OS is on each of the engine and host?
>
> Did you change any configuration of sshd on the host,
> compared to the OS's defaults?
>
> Please check/share the output of previous ssh command, but
> with '-v' appended.
>
> Please also share more of the engine log, starting with a line
> containing 'AddVdsCommand'.
>
> Please attach output of: 'rpm -qa | grep ovirt'.
>
> Thanks,
>
> >
> >
> > 2016-11-30 14:18 GMT+01:00 Yedidyah Bar David <didi at redhat.com>:
> >>
> >> On Wed, Nov 30, 2016 at 1:58 PM, Grzegorz Szypa
> >> <grzegorz.szypa at gmail.com> wrote:
> >> > Hi.
> >> >
> >> > Did you meet ever with  problem, when you try to add new node to quite
> >> > new
> >> > oVirt Engine via Gui and get Error :
> >> >
> >> > engine.log:
> >> >
> >> > 2016-11-30 12:50:55,453 ERROR
> >> > [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default
> task-23)
> >> > [178c9385] Failed to establish session with host 'node1': SSH session
> >> > closed
> >> > during connection '["my new node"]'
> >> > 2016-11-30 12:50:55,453 WARN
> >> > [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default
> task-23)
> >> > [178c9385] Validation of action 'AddVds' failed for user
> >> > admin at internal-authz. Reasons: VAR__ACTION__ADD,VAR__TYPE__
> HOST,$server
> >> > vmsrv1.szypa.net,VDS_CANNOT_CONNECT_TO_SERVER
> >> >
> >> >
> >> >
> >> > in the end node I only got error that there is not possible, to
> exchange
> >> > key
> >> > between two hosts:
> >> >
> >> > there is log form /var/log/secure:
> >> >
> >> > fatal: Unable to negotiate a key exchange method [preauth]
> >> >
> >> > In network I found that it could be a problem with key exchange
> method,
> >> > which is not available on some host.
> >> >
> >> > SSH connection between this two hosts work fine so I do not understand
> >> > why
> >> > it does not work?
> >>
> >> Please try this, from the engine machine, as user root:
> >>
> >> ssh -i /etc/pki/ovirt-engine/keys/engine_id_rsa HOST
> >>
> >> Replace "HOST" with the name or address you input in the field "Address"
> >> in the "New Host" dialog. I think that's 'node1', from above.
> >>
> >> Does it work? If not, please check sshd configuration/logs on the host.
> >>
> >> Best,
> >> --
> >> Didi
> >
> >
> >
> >
> > --
> > G.Sz.
>
>
>
> --
> Didi
>



-- 
G.Sz.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170107/b1e181ae/attachment.html>

More information about the Users mailing list