
SSH authentication or connection failure

pain
Giga Contributor

Hi All,

I am currently trying to use the Custom SSH Activity designer in order to run some commands on target Linux/AIX hosts. I have defined the SSH Private Key credentials, tested them using the "Test credential" UI, and the test passes fine. I have also associated the credential so that it is available only to my Mid Server, as there are other Mid Servers as well. In the Custom SSH Activity designer, I have declared the credential tag associated with the credentials I defined. I have also validated the connectivity between the Mid Server and the target server, and there are no issues. I can use the same keys on the command line and connect to the target host from the Mid Server without any issues. Even after all these tests and steps, I face the following issues:

a. When running a TEST Input from the Custom SSH Activity Designer, it sometimes connects to the server and provides the output. And sometimes it fails with the error "SSH authentication or connection failure".

b. When I review the ECC queue logs, I can see it's sometimes using my Mid Server to connect and sometimes other Mid Servers defined. I also validated using the right credential tags as well; however, either way it fails.

I am puzzled: when the credentials record shows the connection is passing, why is it sporadically failing all the time for the hosts? Note I am using SSH private keys as we are using a generic account for Orchestration. Any help would be appreciated.

1 ACCEPTED SOLUTION

tim_broberg
ServiceNow Employee

First off, there are two ssh implementations, and they can be configured on a mid by mid basis.

One explanation for your symptoms is that one is working for you and another is not.

"SSH authentication or connection failure" is a j2ssh error message, the legacy implementation.

Old j2ssh is a little quirkier and considerably harder to debug.

I would suggest reviewing the article, and enabling mid.ssh.use_snc and mid.ssh.debug on your mid servers.

If you have a lot of traffic on your mids, you can set mid.ssh.debug to a list of IPs you're interested in so the amount of debug doesn't swamp you.

Then, recreate your issue, turn mid.ssh.debug back off, and look in agent/logs/agent0.log.* to see what happened.

Search for "Using SNC" to see the beginning of a session.

You should see phases of negotiation:

  1. TCP connection / Protocol ID (Generally, a firewall / network connectivity issue or too many credential failures triggered a security response)
  2. kexinit / algorithm negotiation (Generally, the server demands exotic algorithms not supported by the client)
  3. authentication (Bad credentials)
  4. execution of various requests to run commands

That j2ssh error message is coarse enough that we can't discriminate between #1, #2, and #3.

If it does fail with sncssh, that's what you'll be trying to figure out.

    - Tim.
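
One way to do the log review described in the answer above, as an added example (not part of the original thread and not ServiceNow code): it splits a debug log at the "Using SNC" marker and shows where each session for one target IP stopped. Only the marker string comes from the thread; the sample lines, the log layout and the function names are constructed assumptions.

```python
import re
import sys

SESSION_START = "Using SNC"  # session marker named in the answer above

# Constructed sample, NOT real MID Server output: only the "Using SNC"
# marker comes from the thread; every other field here is an assumption.
SAMPLE_LOG = """\
10:00:00 Worker-1 DEBUG Using SNC ssh, target 10.0.0.5
10:00:00 Worker-1 DEBUG (constructed) tcp connected
10:00:01 Worker-1 DEBUG (constructed) authentication failed
10:00:05 Worker-2 DEBUG Using SNC ssh, target 10.0.0.50
10:00:06 Worker-2 DEBUG (constructed) command finished
"""

def split_sessions(lines):
    """Group lines into sessions; each session begins at a SESSION_START line.
    Assumes one session's lines are contiguous (debug narrowed to few IPs)."""
    sessions = []
    for line in lines:
        if SESSION_START in line:
            sessions.append([line])
        elif sessions:
            sessions[-1].append(line)
    return sessions

def triage(lines, host_ip, tail=2):
    """Return the sessions that mention host_ip, with their last `tail` lines,
    i.e. the point where each session stopped."""
    # Boundaries keep 10.0.0.5 from matching inside 10.0.0.50.
    ip = re.compile(r"(?<![\d.])" + re.escape(host_ip) + r"(?!\.?\d)")
    hits = []
    for session in split_sessions(lines):
        if any(ip.search(l) for l in session):
            hits.append({"start": session[0], "lines": len(session),
                         "tail": session[-tail:]})
    return hits

if __name__ == "__main__":
    # Usage: python triage.py <host_ip> agent/logs/agent0.log.*
    host, paths = sys.argv[1], sys.argv[2:]
    for path in paths:
        with open(path, errors="replace") as fh:
            for hit in triage(fh.read().splitlines(), host):
                print(f"{path}: {hit['lines']} lines, session ended with:")
                print("\n".join("    " + l for l in hit["tail"]))
```

Comparing the tail of a failing session with the tail of a working one for the same host shows which of the four phases the failure falls in.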


5 REPLIES

madhu69
Tera Contributor

Help me with the SSH private key credentials. When I try to test it, it throws the error "authentication failed". Are there any possible steps to take? Help me with this.