SSH Collection Module Error Messages

Understanding the error messages received when testing the credential, through the RN150 Virtual Appliance credential testing facility or through manual testing, is key to pinpointing the problem. Due to the nature of the SSH client/server interaction, it is common to receive non-error related text in the error message. This includes any banner text returned to the client by the server, as well as a message indicating that the server's host keys have been added to the list of known hosts. These elements of the error can be ignored.

The following is a non-exhaustive list of common error messages, and their meaning:

Error Text

Context

Description of Behavior

Actions

Failed to determine operating system using command 'uname -s

credential testing

The 'uname -s' command was not successful. The target device does not support this command, or the command was otherwise unable to execute. The successful completion of this command is a strict requirement for participation in the SSH Collection Module.

•

Confirm the target operating system is supported by the SSH Collection Module

•

Ensure the 'uname' command exists and the user account can execute it

•

Configure the device for SNMP collection

Unsupported Operating System

credential testing

The target operating system is not supported; the target device is not eligible for participation in the SSH Collection Module.

•

Review the supported operating systems above.

•

Configure the device for SNMP collection.

Successfully connected, but sudo validation failed

credential testing

Connection and authentication was successful, but the user account was unable to utilize sudo.

•

Review the sudo configuration.

•

Review the sudo logs.

Connection refused

connection

The SSH client connection was not successful. This could mean that:

•

the SSH server is not running.

•

the SSH server is not listening on TCP 22, or the custom TCP port configured for the credential.

•

the local firewall on the host blocked the attempt.

•

network ACLs blocked the attempt.

•

Ensure the SSH server is running on the host.

•

Ensure the SSH server is listening on the expected TCP port on the host.

•

Ensure the local firewall is not blocking.

•

Ensure the network ACLs are not blocking.

No route to host

connection

The RN150 has no route to the target IP address.

•

Review the network configuration on the RN150.

•

Review the VLAN configurations.

•

Review the routing to that subnet.

Permission denied (...)

authentication

The credentials offered by the client were refused by the server. This could mean that:

•

the username is not a valid user on the target.

•

the user is not permitted.

•

the password is invalid for the user.

•

the key was corrupted or an invalid or unknown type.

•

the key was not valid for the user.

•

file permissions on files related to authentication (keys, configuration files, etc) were not correct.

This message is followed by a list, in parentheses, of authentication methods announced by the server.

•

Ensure the credential was entered correctly in the RN150.

•

Ensure the username exists on the target.

•

Review the SSH access controls.

•

Review the authentication configuration.

•

Ensure the private key is not encrypted.

•

Review the file permissions on the target.

Connection reset by peer

any

The target SSH server suddenly aborted the connection. This is a generic error that has a large number of possible causes.

Often, this is a particular form of refused connection, where the initial stages of the connection were successful but additional access controls determined that the connection cannot continue.

This could also be due to one of the following:

•

the TCP session was lost.

•

the client and server were unable to negotiate compatible session keys and MACs.

•

the server only supports version 1 of the SSH protocol.

•

the server is unable to handle an additional connection, or to fork a process for the requested command.

•

Ensure that hosts.deny, hosts.allow, or similar are configured to permit the connection.

•

Ensure that the SSH server supports version 2 of the protocol.

•

Review the server logs on the target.

sudo: sorry, you must have a tty to run sudo

privileged command execution

The sudo configuration requires a TTY device for the user session.

•

Review the sudo configuration documentation above.

•

Apply the configuration parameters to sudo.

sudo: no tty present and no askpass program specified

sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper

privileged command execution

The sudo configuration does not require a TTY device, but it requires a password. Due to the necessity of having a TTY device in order to provide a password prompt, this results in sudo refusing to operate.

•

Review the sudo configuration.

•

Remove the password restriction for the user account.

sudo: > /etc/sudoers: syntax error near line #<<<

sudo: parse error in /etc/sudoers near line #

sudo: no valid sudoers sources found, quitting

sudo: unable to initialize policy plugin

privileged command execution

The sudo configuration is syntactically invalid and was refused.

•

Correct the sudo configuration syntax.

•

Test sudo locally on the target.