Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Unable to discover MX device in Junos Space: SSH connection failed

0

0

Article ID: KB32006 KB Last Updated: 20 Jul 2017Version: 1.0
Summary:

This article explains the algorithms present in various MX platforms by default, and algorithms offered by Junos Space Server (various versions) for device discovery.

This information is useful in resolving device discovery failure issues.

 

Symptoms:

Not able to discover device MX 80/104 in Junos space.
Failure Reason : ​SSH connection failed. Device might not be reachable through device management interface.

 

Cause:

Algorithms present in various MX platforms by default:

  • ​MX80/104:​ curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1

  • MX240/480/960:​ curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1

  • Junos Space offers only one algorithm: diffie-hellman-group1-sha1 ( for version below 16.1R1)

 

Solution:
  • If diffie-hellman-group1-sha1 algorithm is not specified in MX80/104 under section: system services ssh key-exchange while device discovery ​in Junos Space server (version 16.1R1 and lower), discovery will fail with ​Reason: ​SSH connection failed. Device might not be reachable through device management interface.

  • SSH from Junos Space server CLI to MX may work. However, its not a correct test as device discovery uses a different procedure of j2ssh library which is different from standard linux sshtool.

  • Enabling server.log in debug mode in Junos space server can indicate the problem ( snippet below)

2017-07-06 20:48:31,766 INFO  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Thread-140405 (HornetQ-client-global-threads-1216056222)) Starting transport protocol
2017-07-06 20:48:31,767 INFO  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Registering transport protocol messages with inputstream
2017-07-06 20:48:31,776 INFO  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Negotiating protocol version
2017-07-06 20:48:31,776 FINE  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Local identification: SSH-2.0-http://www.sshtools.com J2SSH [CLIENT]
2017-07-06 20:48:31,966 FINE  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) EOL is guessed at CR+LF
2017-07-06 20:48:31,967 FINE  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Remote identification: SSH-2.0-OpenSSH_7.1
2017-07-06 20:48:31,967 INFO  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Protocol negotiation complete
2017-07-06 20:48:31,970 FINE  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) SshMsgKexInit:
2017-07-06 20:48:31,970 INFO  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Sending SSH_MSG_KEX_INIT
2017-07-06 20:48:31,973 FINE  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Received SSH_MSG_KEX_INIT
2017-07-06 20:48:31,973 FINE  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Received remote key exchange init message
​2017-07-06 20:48:31,973 FINE  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) SshMsgKexInit:
2017-07-06 20:48:31,974 INFO  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Starting key exchange
2017-07-06 20:48:31,974 FINE  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Determine Algorithm
2017-07-06 20:48:31,974 FINE  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Client Algorithms: [diffie-hellman-group1-sha1]
2017-07-06 20:48:31,974 FINE  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Server Algorithms: [curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1]
2017-07-06 20:48:31,974 INFO  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) Sending SSH_MSG_DISCONNECT
2017-07-06 20:48:31,976 FINE  [com.sshtools.j2ssh.transport.TransportProtocolCommon] (Transport protocol 1) The Transport Protocol has been stopped

As a solution: diffie-hellman-group1-sha1 algorithm needs to be specified in ​MX80/104 platform if not configured already.

 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search