Symptoms:

 

The customer upgraded their ESXi host to the latest patches from VMware:

  • Build number 4632154
  • ESXi 6.0.0. Build 4600944

This brings the hosts to ESXi 6.0U2.

Following the upgrade, the ZVM is unable to connect to the VRA


Cause:


In the host's auth log, we see this error:

2016-11-17T07:32:07Z sshd[76058]: Connection from 172.20.204.117 port 49746
2016-11-17T07:32:07Z sshd[76058]: ssh_dispatch_run_fatal: Connection from 172.20.204.117 port 49746: DH GEX group out of range
2016-11-17T07:32:07Z sshd[76059]: /etc/ssh/sshd_config line 15: Unsupported option PrintLastLog
2016-11-17T07:32:07Z sshd[76059]: Connection from 172.20.204.117 port 49747
2016-11-17T07:32:07Z sshd[76059]: ssh_dispatch_run_fatal: Connection from 172.20.204.117 port 49747: DH GEX group out of range
2016-11-17T07:32:07Z sshd[76060]: /etc/ssh/sshd_config line 15: Unsupported option PrintLastLog
2016-11-17T07:32:07Z sshd[76060]: Connection from 172.20.204.117 port 49748
2016-11-17T07:32:07Z sshd[76060]: ssh_dispatch_run_fatal: Connection from 172.20.204.117 port 49748: DH GEX group out of range

This is caused by the OpenSSH package being updated to 7.1p1 in this version, which deprecates the use of keys smaller than 1536 bits.


Solution:

The easiest workaround for this issue would be to update /etc/ssh/sshd_config to force an "outdated" key exchange algorithm: 

KexAlgorithms=diffie-hellman-group14-sha1

Following that, restart the sshd process on the host, and the VRA should be able to connect to the ZVM.

List of commands to use:

cp -av /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
echo "KexAlgorithms=diffie-hellman-group14-sha1" >> /etc/ssh/sshd_config
/etc/init.d/SSH restart
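
The workaround above as a re-runnable script, together with a check for the auth-log symptom (an added example, not part of the original article and not Zerto or VMware tooling). The function names and the file-path arguments are assumptions made for the example; the KexAlgorithms value and the .orig backup name come from the commands above.

```sh
#!/bin/sh
# Added example, not from the original article. Paths are arguments so both
# functions can be tried on copies before touching the live host files.

# Value taken from the article. group14 is a fixed 2048-bit group, so no
# DH group-exchange (GEX) size negotiation takes place.
KEX_LINE="KexAlgorithms=diffie-hellman-group14-sha1"

# Print "<count> <client-address>" for each client rejected with the GEX error.
# $1 = auth log path
dh_gex_clients() {
    sed -n '/DH GEX group out of range/s/.*Connection from \([^ ]*\) port.*/\1/p' "$1" |
        sort | uniq -c | awk '{print $1, $2}'
}

# Append the workaround unless an active KexAlgorithms entry already exists.
# sshd keeps the first value it reads for a keyword, so a line appended after
# an existing entry would be ignored. Prints added|already-present|conflict.
# $1 = sshd_config path
apply_kex_workaround() {
    cfg="$1"
    # First uncommented KexAlgorithms line (keywords are case-insensitive).
    first=$(grep -Ei '^[[:space:]]*KexAlgorithms[[:space:]=]' "$cfg" | head -n 1)
    case "$first" in
        "") ;;  # no active entry: safe to append
        *diffie-hellman-group14-sha1*) echo "already-present"; return 0 ;;
        *) echo "existing entry takes precedence: $first" >&2
           echo "conflict"; return 1 ;;
    esac
    [ -e "$cfg.orig" ] || cp -p "$cfg" "$cfg.orig"  # keep the first backup only
    # Make sure the appended keyword starts on its own line.
    [ -z "$(tail -c 1 "$cfg")" ] || echo >> "$cfg"
    echo "$KEX_LINE" >> "$cfg"
    echo "added"
}

# Typical use on the host (restart command as given in the article):
#   dh_gex_clients <auth-log>
#   apply_kex_workaround /etc/ssh/sshd_config && /etc/init.d/SSH restart
```

Because the appended line lists a single algorithm, sshd offers only diffie-hellman-group14-sha1 to every client after the restart, so any other SSH client of the host must support it too.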

 

 Affected versions:
4.5Ux, 5.0 GA

 Hypervisor:
VMware