Guest

Preview Tool

Cisco Bug: CSCvt33329 - Connectivity fails for IOS devices in SIP call flow analyzer and Device log collector and Inventory

Last Modified

Aug 27, 2020

Products (1)

  • Cisco Prime Collaboration

Known Affected Releases

12.1SP2 12.1SP3 12.1SP4

Description (partial)

Symptom:
PCA 12.1 
IOS version 16.x & 15.7

Device managed successfully in PCA.

Error on cube:
 %SSH-3-NO_MATCH: No matching kex algorithm found: client diffie-hellman-group1-sha1 server diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha

*Apr 20 01:28:33.119: %SSH-3-NO_MATCH: No matching cipher found: client 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr
*Apr 20 01:28:33.959: %SSH-3-NO_MATCH: No matching cipher found: client 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr



PCA error:

24-Feb-2020|11:06:04.266|INFO |LogCollectionManagerImpl|RMI TCP Connection(12503)-xxx.xxx.xxx.xxx|com.cisco.ccbu.wsc.CmdExecutor|displayMessage|311| Invalid user name or password [xxx.xxx.xxx.xxx:22(ios)]...

24-Feb-2020|11:06:06.023|INFO |LogCollectionManagerImpl|RMI TCP Connection(12503)-xxx.xxx.xxx.xxx|com.cisco.ccbu.wsc.CmdExecutor|displayMessage|315| Device is marked offline due to unreachable device or invalid user name or password [xxx.xxx.xxx.xxx:22(ios)]. Please run system init command to retry

Gateway","protocol":"SSH","portNumber":"22","connectivityStatus":"Fail","timeZone":"America\/Los_Angeles","customer":"CC UCCE"},{"id":215214644,"hostName":"cube.com","ipAddress":"xxx.xxx.xxx.xxx","isAvailableFromDWC":"Yes","deviceType":"IOS Gateway","protocol":"SSH","portNumber":"22","connectivityStatus":"Fail","timeZone":"America\/Los_Angeles","customer":"CC UCCE"},{"id":67702,"hostName":"cube.com","ipAddress":"xxx.xxx.xxx.xxx","isAvailableFromDWC":"Yes","deviceType":"IOS


24-Feb-2020|11:06:49.317|INFO |RestLogCollectionService|http-8443-2|com.cisco.nm.emms.server.rest.RestLogCollectionService|getDevice|1290| jsondata output{'ipAddress':'xxx.xxx.xxx.xxx','deviceType':'IOSGateway','protocol':'SSH','userName':'username','password':'********','enablePWD':'plain text password','timeZone':'America/Los_Angeles','portNumber':'22'}

Conditions:
PCA 12.1 
IOS 16.x


Cube:
cube#show ip ssh
SSH Enabled - version 1.99
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes192-cbc,aes128-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): cube.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC87NWdD7dvczQVPQRTCFSfuEgVFdgSpveGwazREnqf
lsrNZb8HoGG/uzE1sFXSDlNmZR0Xr+nfNAjmopaHyB06Qjfa6x1boKcxUdeKZU5spLkv6OyPhyuHzjHI
kN+EcKR/N09Qko5qKzbNcdMopG0RITqn76mEaPo6vKi2nJ\flllf8A3l++eO64r75Q7+CTV4xqKQfuiarE9Ss
uIzSmrqwZirxHZ5rNYplME07/EQlEsRdGgX1P5/avHUhNP8y/8Sb8D5XhaDtBYnAc6tqWlXcMu68toP1
uCzNOBgCVNDkXT9irMC2evUVHyXH9alPaG2MGJZeeewweM6YtRYGsxSTAuz


PCA:
		[root@ ~]# ssh -Q kex
		diffie-hellman-group14-sha1
		diffie-hellman-group14-sha256
		diffie-hellman-group16-sha512
		ecdh-sha2-nistp256
		ecdh-sha2-nistp384
		ecdh-sha2-nistp521
		curve25519-sha256
		curve25519-sha256@libssh.org



diffie-hellman-group14-sha1 available on both devices but not being negotiated.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.