
SSH_CLIENT_OPEN fails to handshake

I'm working with a module I wrote a few years ago to control TesiraFORTEs and cannot get SSH to connect from my NX-2200. I wrote the module to fall back to Telnet if SSH fails, but more and more I'm seeing where customers don't want Telnet enabled on their network. For the sake of controlling the DSP, I can still do everything fine over Telnet for now.

I checked and think I'm on the latest NetLinx Studio (4.4.1915) and latest NX firmware (1.8.183) but can't seem to get SSH clients to connect. I know this module worked fine in the past on several jobs, but there have been several Tesira firmware updates since then. This led me down a rabbit hole yesterday to try and pinpoint what was failing and it looks like it may be the protocol handshake.

If I PuTTY from my laptop to the TesiraFORTE, it connects just fine. But when I try connecting from my program on the NX-2200, I see "CIpSocketManager::acceptedSocketConnection(ssh) - failed to handshake" in the diagnostic messages. It then generates an onerror event with code 6 (connection refused).

I have a Linux machine set up with SSH access, so I tried pointing to that to see if I could see what's happening from the server end, and on that I get "sshd: Unable to negotiate with : no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]". Searching Google, I found http://www.openssh.com/legacy.html that talks about some key exchange algorithms that are disabled now because they're considered "weak."

I also tried sending no username/password to see if I would get an interactive prompt, but the error message seems to always say preauth. I haven't tried setting up a private key yet, but will see if that works better.

Just wondering if this is something anybody else has been fighting with?
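The sshd message quoted in the post above names which negotiation category failed and what the client offered. As an added example (not part of the original post, and not AMX or OpenSSH code), this parser extracts both from sshd log lines and maps the category to the sshd_config keyword that governs it. The `LEGACY` set and the sample log lines are assumptions constructed for illustration.

```python
import re

# sshd's wording for each negotiation category -> sshd_config keyword that governs it.
CATEGORY_KEYWORD = {
    "host key type": "HostKeyAlgorithms",
    "key exchange method": "KexAlgorithms",
    "cipher": "Ciphers",
    "MAC": "MACs",
}

# Assumption: subset of names recent OpenSSH releases leave disabled by default.
LEGACY = {"ssh-rsa", "ssh-dss", "diffie-hellman-group1-sha1"}

# Peer address and port are optional so the redacted form quoted in the post parses too.
NEGOTIATE_RE = re.compile(
    r"Unable to negotiate with\s*(?P<peer>\S+)?(?:\s+port\s+\d+)?\s*:\s*"
    r"no matching (?P<category>.+?) found\.\s*Their offer:\s*(?P<offer>\S+)"
)

def parse_negotiation_failure(line):
    """Return details of an sshd pre-auth negotiation failure, or None."""
    m = NEGOTIATE_RE.search(line)
    if m is None:
        return None
    offer = m.group("offer").split(",")
    return {
        "peer": m.group("peer"),
        "category": m.group("category"),
        "config_keyword": CATEGORY_KEYWORD.get(m.group("category")),
        "offer": offer,
        # True when every algorithm the client offered is in LEGACY.
        "legacy_only": all(alg in LEGACY for alg in offer),
    }

# Constructed sample log lines (addresses are documentation-range placeholders).
SAMPLE_LOG = [
    "sshd[2211]: Unable to negotiate with 192.0.2.10 port 51234: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]",
    "sshd[2230]: Unable to negotiate with 192.0.2.11 port 40022: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 [preauth]",
    "sshd[2231]: Accepted publickey for admin from 192.0.2.12 port 50000 ssh2",
    "sshd: Unable to negotiate with : no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = parse_negotiation_failure(line)
        if hit:
            print(hit["peer"], hit["config_keyword"], hit["offer"],
                  "legacy-only offer" if hit["legacy_only"] else "mixed offer")
```

A `legacy_only` result on a host key line means the client and server have no host key algorithm in common under the assumed defaults, which is a different failure from a rejected username or password.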

Comments

  • As you use SSH_CLIENT_OPEN()... have you loaded the private key file to the NX with the Certificate Manager (Tools > Certificate Manager) of Studio, and assigned the path in the SSH_CLIENT_OPEN() where it is stored?

    slong SSH_CLIENT_OPEN(INTEGER LocalPort, CHAR ServerAddress[], INTEGER remotePort, CHAR username[], char password[], char privateKeyPathname[], char privateKeyPassphrase[])

    LocalPort - A user-defined (non-zero) integer value representing the local port on the client machine to use for this conversation. This local port number must be passed to SSH_CLIENT_CLOSE to close the conversation.

    ServerAddress - A string containing either the IP address (in dotted-quad-notation) or the domain name of the server to which you want to connect.

    remotePort - The port number on the server that identifies the program or service that the client is requesting, typically 22.

    username - Login user name

    password - Password for the user name, null if using PKI

    privateKeyPathname - Path to private key

    privateKeyPassphrase - Password for private key.

  • KielL Posts: 34

    Hi Marc, I did load a private key to the NX controller but ran out of time setting up the Tesira end of things. I'll have to continue testing once I'm back in the office.

    Have you used username/password authentication recently? I know it worked when I wrote the module (that was probably early 2022). I only tested against the Tesira and a Linux server, so I should probably test against a few other devices to make sure it's a problem on the NX side.

    I'm just trying to keep the commissioning as simple as possible for these rooms since I don't go on-site for every install. Thank you for the help!

  • Fortunately, I've never had to use SSH_CLIENT_OPEN() yet... What firmware does your NX have?

  • KielL Posts: 34

    Just updated to 1.8.183. Previously I was on 1.6.205 and ran into this problem, so thought updating might fix it.
