Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ubuntu 22.04 / Net-SSH not working #2529

Closed
dbh2 opened this issue May 2, 2022 · 10 comments
Closed

Ubuntu 22.04 / Net-SSH not working #2529

dbh2 opened this issue May 2, 2022 · 10 comments

Comments

@dbh2
Copy link

dbh2 commented May 2, 2022

I upgraded an existing functional LibreNMS/Oxidized integrated set up from Ubuntu 20.04 to 22.04 last week.

After I got all the Libre side sorted, I turned to Oxidized. I had to reinstall oxidized gems following a guide. It installed on Ruby 3.0.2p107 as comes with Ubuntu 22.04. Oxidized seems to open and work fine however it does not poll. I did some digging and it seems net-ssh in its current state does not support OpenSSL 3.

I went to their github and the dev released 7.0.0 beta which I installed and I modified the Gemfile in /var/lib/gems/3.0.0/gems/oxidized-0.28.0 to add: gem 'net-ssh', '~> 7.0.0.beta1', require: 'net/ssh', and I modified the version in oxidized.gemspec as well and did bundle update.

It still does not work and I still get:

W, [2022-05-02T11:31:44.635655 #1691404] WARN -- : 10.100.0.108 raised Net::SSH::ConnectionTimeout (rescued RuntimeError) with msg "timeout during server version negotiating"
W, [2022-05-02T11:31:45.631982 #1691404] WARN -- : /ex3400-8.nj.redacted.int status no_connection, retries exhausted, giving up
E, [2022-05-02T11:31:45.723690 #1691404] ERROR -- : 10.100.0.109 raised OpenSSL::PKey::PKeyError with msg "pkeys are immutable on OpenSSL 3.0", 10.100.0.109 saved
W, [2022-05-02T11:31:46.633739 #1691404] WARN -- : /ex3400-9.nj.redacted.int status no_connection, retry attempt 1
E, [2022-05-02T11:31:46.729115 #1691404] ERROR -- : 10.100.0.109 raised OpenSSL::PKey::PKeyError with msg "pkeys are immutable on OpenSSL 3.0", 10.100.0.109 saved
W, [2022-05-02T11:31:47.635853 #1691404] WARN -- : /ex3400-9.nj.redacted.int status no_connection, retry attempt 2
W, [2022-05-02T11:32:07.663006 #1691404] WARN -- : 10.100.0.109 raised Net::SSH::ConnectionTimeout (rescued RuntimeError) with msg "timeout during server version negotiating"
W, [2022-05-02T11:32:08.660681 #1691404] WARN -- : /ex3400-9.nj.redacted.int status no_connection, retry attempt 3
W, [2022-05-02T11:32:28.689392 #1691404] WARN -- : 10.100.0.109 raised Net::SSH::ConnectionTimeout (rescued RuntimeError) with msg "timeout during server version negotiating"
W, [2022-05-02T11:32:29.685289 #1691404] WARN -- : /ex3400-9.nj.redacted.int status no_connection, retries exhausted, giving up

What next steps can I take here to attempt to get this working?

My baseline config is here.

oxidized config.txt

@f0o
Copy link
Contributor

f0o commented May 29, 2022

Can reproduce unfortunately. Will have a look if it's possible to chroot net/ssh to use older OpenSSL libs instead

@dbh2
Copy link
Author

dbh2 commented May 29, 2022 via email

@f0o
Copy link
Contributor

f0o commented May 29, 2022

diff --git a/oxidized.gemspec b/oxidized.gemspec
index e57cea0..fcf5e44 100644
--- a/oxidized.gemspec
+++ b/oxidized.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'asetus',  '~> 0.1'
   s.add_runtime_dependency 'bcrypt_pbkdf', '~> 1.0'
   s.add_runtime_dependency 'ed25519', '~> 1.2'
-  s.add_runtime_dependency 'net-ssh', '~> 5'
+  s.add_runtime_dependency 'net-ssh', '~> 7.0.0.beta1'
   s.add_runtime_dependency 'net-telnet', '~> 0.2'
   s.add_runtime_dependency 'rugged',  '~> 0.28.0'
   s.add_runtime_dependency 'slop',    '~> 4.6'

That and then rake install solved it for me

@f0o f0o mentioned this issue May 31, 2022
4 tasks
@sorano
Copy link
Contributor

sorano commented Jun 23, 2022

@f0o solution worked fine for me.

However, it is worth noting that if you have older switches you may encounter the following:
raised Net::SSH::Exception (rescued RuntimeError) with msg "could not settle on kex algorithm Server kex preferences: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

@Bierchermuesli
Copy link

append_all_supported_algorithms: true is nesseary for 7.0 and older cryptos.

There is a open PR for this: #2570

@laxxie
Copy link

laxxie commented Jul 12, 2022

Sry for my little understanding but where do i have to set append_all_supported_algorithms: true ?

append_all_supported_algorithms: true is nesseary for 7.0 and older cryptos.

There is a open PR for this: #2570

@beabaul
Copy link

beabaul commented Jul 13, 2022

Exact same problem here. Updated the net-ssh gem and that brought me here after that still would not work. "raised OpenSSL::PKey::PKeyError with msg "pkeys are immutable on OpenSSL 3.0" - Have spent hours and hours on this now. Noob here....How do you apply that patch?

@Bierchermuesli
Copy link

append_all_supported_algorithms: true is a internal net-ssh parameter, this is not oxidized config parameter. This is applied in this PR: #2570 have a look at #2570 (comment) to early adapt this Patch

@beabaul
Copy link

beabaul commented Jul 13, 2022

Thanks - looks like that did the trick. In your suggestion I changed the syntax for "git checkout ssh-tssh-test-branch" to "git checkout ssh-test-branch" and it worked out. My stuff looks to be running now. Thanks a lot!

@laxxie
Copy link

laxxie commented Jul 14, 2022

Yeah, after it was merged to the masterbranch yesterday i did a git installation i now it's working fine. Thanks :)

@ghost ghost closed this as completed Jul 15, 2022
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants