Unix Connector Error: Could not open SUGI session for 192.168.X.X

In our environment we have multiple different Unix environments that we need to connect to. Up until now, everything has been running smoothly. Given the recent release of Ubuntu 20.04.1 LTS and its use of kernel 5, I decided to take it for a spin. When I enter the details into the connection data section of the 'General connector settings' window and click Test, I get the following response back: "[System.Exception] Could not open SUGI session for 192.168.X.X: Could not open SSH connection to host: An unexpected error was received from the SSH client (error code = 7): Connection lost (error code is 10058)". I can connect to the server with the same credentials via putty so I know there isn't an issue with sshd in and of itself on the target system. I did a little testing with various OSs that we use and this is what I found:

SLES 11 SP 3 (3.0.76-0.11-default) - no issues
SLES 12 (3.12.28-4-default) - no issues
RHEL8 (4.18.0-193.e18.x86_64) - no issues
Ubuntu 18.04.5 LTS (4.15.0-112-generic) - no issues
Ubuntu 20.04.1 LTS (5.4.0-42-generic) - Could not open SUGI session

I'm not sure if something changed within Ubuntu itself or if there is an issue with the way OID interfaces with kernel v5.  From what I could find online, error code 7 indicates an issue with the cipher used between the two systems.  Has anyone else run into this error before?  Is anyone else using an OS based on kernel 5 that works with OID?

  • Hi,

    this seems to be related to key exchange algorithms. The default for Ubuntu 20.04's sshd, as per man sshd_config, would be

    curve25519-sha256,curve25519-sha256@libssh.org,
    ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
    diffie-hellman-group-exchange-sha256,
    diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
    diffie-hellman-group14-sha256

    It seems that our ssh client does not support these right away. If I change the sshd_config on the server to include e.g. diffie-hellman-group1-sha1, e.g.

    KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

    then I can connect to it.

    The default in Ubuntu 18.04 was

    curve25519-sha256@libssh.org,
    ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
    diffie-hellman-group-exchange-sha256,
    diffie-hellman-group14-sha1

    This might be a workaround for the time being, but anything around sha1 is not recommended anymore, so we should investigate further what works or what doesn't.

    Can I ask you to open a Support service request, please? Feel free to add my name as a reference.

    -René
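
The key exchange mismatch described in the reply above, as an added example that is not part of the original post and not the product's own code. It models the selection rule from RFC 4253 section 7.1 in simplified form (the first name on the client's list that the server also offers is used). `CLIENT_KEX` is an assumed client offer chosen to match the behaviour reported in the thread; the real client's list is not given on the page.

```python
# Added example: simplified SSH key-exchange negotiation (RFC 4253, section 7.1).
# CLIENT_KEX is an ASSUMED client offer; the thread does not list the real one.
CLIENT_KEX = ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]

# Server defaults as quoted in the thread from man sshd_config.
UBUNTU_2004 = """
curve25519-sha256,curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
diffie-hellman-group14-sha256
"""
UBUNTU_1804 = """
curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group14-sha1
"""

def parse_kex(text):
    """Parse a bare name-list or a 'KexAlgorithms a,b,c' config line."""
    text = text.strip()
    if text.lower().startswith("kexalgorithms"):
        text = text.split(None, 1)[1]
    return [n.strip() for n in text.replace("\n", "").split(",") if n.strip()]

def negotiate(client, server):
    """Return the first client algorithm the server also offers, else None."""
    offered = set(server)
    return next((alg for alg in client if alg in offered), None)

def is_sha1(alg):
    """True for key exchanges that hash with SHA-1."""
    return alg.endswith("-sha1")

def report(label, server_text):
    """One-line verdict for a server configuration against CLIENT_KEX."""
    chosen = negotiate(CLIENT_KEX, parse_kex(server_text))
    if chosen is None:
        return f"{label}: no common key exchange, handshake fails"
    return f"{label}: {chosen}" + (" (SHA-1, weak)" if is_sha1(chosen) else "")

# The workaround line from the thread: group1-sha1 placed before the defaults.
WORKAROUND = "KexAlgorithms diffie-hellman-group1-sha1," + ",".join(parse_kex(UBUNTU_2004))

if __name__ == "__main__":
    for label, cfg in [("Ubuntu 18.04 default", UBUNTU_1804),
                       ("Ubuntu 20.04 default", UBUNTU_2004),
                       ("20.04 + workaround", WORKAROUND)]:
        print(report(label, cfg))
```

On a live server, the effective list can be taken from the `kexalgorithms` line of `sshd -T` output and passed to `parse_kex` unchanged.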

  • Rene - we are getting this error between Identity Manager 8.1.4 and a brand-new Ubuntu Server 21.04 VM in the Living Lab. Did we get a formal resolution to this problem?

  • This is fixed by VPR#33411 in 8.2. To check whether a hotfix for 8.1.4 is available and feasible (replaced 3rd party components), please contact support.