SSH items with kex algorithms mismatch
Zabbix 7.2
OS Oracle Linux 9.6
I have a legacy switch that is monitored by a Zabbix Proxy and has SSH items configured.
However, the SSH items are unable to reach the host due to a mismatch in Kex algorithms.
Here's the error message that Zabbix displays:
I'm unable to connect to the switch from the Proxy terminal either, with basically the same error message.
So, I've added the following configuration to the proxy "/etc/ssh/ssh_config" file.
Also, the /etc/ssl/openssl.cnf file is configured to allow legacy algorithms.
After making this configuration change, I can SSH to the host from the Proxy CLI with my own user.
However, the error remains the same when connecting from Zabbix itself.
As I understand it, the Proxy should handle the SSH connection to the monitored host.
It seems that no matter what SSH configuration I try, it does not affect the Zabbix connection.
So, I'm not sure what the issue is.
Has anyone encountered this issue before?
OS Oracle Linux 9.6
I have a legacy switch that is monitored by a Zabbix Proxy and has SSH items configured.
However, the SSH items are unable to reach the host due to a mismatch in Kex algorithms.
Here's the error message that Zabbix displays:
Cannot establish SSH session:
kex error :
no match for method kex algos:
server [diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1],
client [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
kex error :
no match for method kex algos:
server [diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1],
client [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
I'm unable to connect to the switch from the Proxy terminal either, with basically the same error message.
So, I've added the following configuration to the proxy "/etc/ssh/ssh_config" file.
Code:
Host 10.22.200.89
KexAlgorithms ^diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
MACs ^hmac-sha1,hmac-sha1-96
Also, the /etc/ssl/openssl.cnf file is configured to allow legacy algorithms.
Code:
[ evp_properties ] rh-allow-sha1-signatures = yes [provider_sect] default = default_sect legacy = legacy_sect [legacy_sect] activate = 1
After making this configuration change, I can SSH to the host from the Proxy CLI with my own user.
However, the error remains the same when connecting from Zabbix itself.
As I understand it, the Proxy should handle the SSH connection to the monitored host.
It seems that no matter what SSH configuration I try, it does not affect the Zabbix connection.
So, I'm not sure what the issue is.
Has anyone encountered this issue before?
Comment