Extreme Management Center - Extreme WebShell Terminal, CLI Commands and Archiving CommandScripts No Longer Function Via SSH To Third-Party Devices
Extreme Management Center was being used to fully manage third-party devices via Extreme WebShell Terminal, execute CLI Commands, and/or back up / restore configuration Archives using CommandScripts.
The above functionality all stopped around the same time.
The third-party devices are managed via SSH rather than TELNET.
Inventory Manager Archives may return the following, which indicates that the SSH KEX (Key Exchange) between XMC and the device has failed:
Cannot negotiate, proposals do not match.
Extreme Management Center (XMC, formerly NetSight)
All Software Releases
If a third-party device is being managed via SSH in Extreme Management Center, this functionality may break if the SSH endpoint uses SSH ciphers or algorithms that XMC is not compatible with. The endpoint may have been recently upgraded, or had policies applied to it that restrict certain cipher or algorithm usage, resulting in the loss of compatibility with Extreme WebShell.
As noted below, the Extreme WebShell SSH client supports a limited set of ciphers and encipherment algorithms.
Available workarounds are limited to:
Re-enabling compatible ciphers or algorithms as noted below on the SSH endpoint, if possible; OR
Using TELNET as an alternative connection mode to the endpoint, if possible.
Extreme WebShell SSH client supports the following:
HMAC algorithms supported are limited to hmac-sha1,hmac-md5.
KEX algorithms supported are diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1.
Host Key algorithms supported are limited to ssh-rsa,ssh-dss (RSA is, however, the most common among vendors).
Encryption algorithms supported are aes256-ctr/aes128-ctr and a handful of legacy CBC ciphers for compatibility with legacy Extreme products.
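The check below is an added example, not Extreme's code: it parses an SSH_MSG_KEXINIT payload (RFC 4253) as sent by an endpoint and reports, for each name-list, which algorithm from the WebShell lists above would be selected, or None where the two sides have nothing in common. The function names and the sample payload are constructed for illustration, and the legacy CBC ciphers are left out because this article does not name them.

```python
# Client lists as given in this article. The legacy CBC ciphers are not named
# there, so only the two CTR ciphers appear here.
WEBSHELL = {
    "kex": ["diffie-hellman-group-exchange-sha1",
            "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
    "host_key": ["ssh-rsa", "ssh-dss"],
    "cipher": ["aes256-ctr", "aes128-ctr"],
    "mac": ["hmac-sha1", "hmac-md5"],
}
# First six name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = [("kex", "kex"), ("host_key", "host_key"), ("cipher_c2s", "cipher"),
          ("cipher_s2c", "cipher"), ("mac_c2s", "mac"), ("mac_s2c", "mac")]

def negotiate(payload: bytes) -> dict:
    """Per name-list: first WebShell algorithm the server also offers, else None."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, result = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field, category in FIELDS:
        length = int.from_bytes(payload[offset:offset + 4], "big")
        end = offset + 4 + length
        if end > len(payload):
            raise ValueError("truncated name-list")
        offered = payload[offset + 4:end].decode("ascii").split(",")
        # Simplified: RFC 4253's kex/host-key compatibility rules are not modelled.
        result[field] = next((a for a in WEBSHELL[category] if a in offered), None)
        offset = end
    return result

def build_kexinit(name_lists) -> bytes:
    """Encode a constructed KEXINIT payload (zero cookie) for the sample below."""
    encoded = [",".join(names).encode("ascii") for names in name_lists]
    body = b"".join(len(e).to_bytes(4, "big") + e for e in encoded)
    return bytes([20]) + bytes(16) + body + bytes(5)  # flag + reserved uint32

# Constructed sample: an endpoint hardened to drop SHA-1 KEX/MACs and ssh-rsa.
SAMPLE = build_kexinit([
    ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    ["rsa-sha2-512", "ssh-ed25519"],
    ["aes256-ctr", "aes128-ctr"], ["aes256-ctr", "aes128-ctr"],
    ["hmac-sha2-256", "hmac-sha2-512"], ["hmac-sha2-256", "hmac-sha2-512"],
    ["none"], ["none"], [], [],
])

if __name__ == "__main__":
    for field, chosen in negotiate(SAMPLE).items():
        print(f"{field:11} {chosen or 'NO MATCH: negotiation fails here'}")
```

For the constructed sample, the cipher lists still match, while the KEX, host key and MAC lists have no algorithm in common with WebShell, so those are the settings to review on the endpoint.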