I'm not expecting 9.2 to be without fault. I'm not even
expecting it to make my life any easier. What I was expecting was for
you to fix the weak Diffie-Hellman error that you explicitly listed as
the ONE major fix in 9.2. Since there's a whole other thread
regarding this issue that you guys seemingly don't know the answer
to
(https://forums.manageengine.com/topic/agentless-scan-ssh-fails-against-mac-os-x-10-11-x-el-capitan),
please allow me:
* We have it in our SOX documentation that we maintain an accurate
and comprehensive asset inventory within Service Desk Plus. This used
to be true until Apple rolled out the El Capitan OS upgrade. We now
can't scan any new Macs, and haven't been able to FOR FOUR MONTHS.
* The underlying issue being encryption ciphers. SDP uses out-of-date
ciphers that have well-known exploits that our keys no longer
support. In order to use newer ciphers, you needed to upgrade the
bundled versions of Java and Tomcat since SDP was still built on tech
that was 3-4 years old.......
* You did upgrade the version of Java and Tomcat in 9.2, well done.
However, it looks like you guys are using a custom SSH library
([com.adventnet.servicedesk.asset.discovery.TelnetHandler]) and
didn't care to update your list of accepted ciphers.
Whole error from serverout0.log:
[21:30:42:560]|[02-11-2016]|[com.adventnet.servicedesk.asset.discovery.TelnetHandler]|[INFO]|[128]|:
Log message from TelnetHandler : 10.45.22.52 : Exception @
setExactPromptAndConnect(...) - exception during logging in
Failed to negotiate a transport component
[diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1][curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1]
[Unknown cause]|
* Here's what you guys are accepting: [diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1]
* Here are the ciphers for our key: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1]
Fails immediately with 'node discovery' error. What's
concerning me here is that you guys listed this as a fix for 9.2.
Which means you were at least aware of the issue, to the point where
you knew enough to upgrade Tomcat and Java.....but no one noticed or
took the time to edit your TelnetHandler?
Please have an engineer, not a support person, address this
post\thread ASAP. You have paying customers that you're
continually letting down every moment you don't hop in here and
explain this. Am I totally reading this wrong? Or am I right and you
guys need to make an edit....? Looking forward to a response. Please
don't ask me for a support file, or dump, or give me a case number
of something that will never be followed up on. Please have a well
informed, technical individual respond to our concerns and give us a
glimmer of hope to keep paying for your software.
Thank you.
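
Added example, not part of the original post and not ManageEngine's code: it parses the two bracketed lists from the "Failed to negotiate a transport component" message quoted above and applies the client-first key-exchange selection rule of RFC 4253 section 7.1 (simplified here, ignoring the host-key compatibility conditions) to show that the two sides share no algorithm. Treating the first list as the scanner's offer and the second as the Mac's follows the post's reading of the log; the function names are illustrative.

```python
import re

# Log excerpt as quoted in the post above (serverout0.log).
LOG_LINE = (
    "Failed to negotiate a transport component "
    "[diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1]"
    "[curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
    "ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,"
    "diffie-hellman-group14-sha1]"
)

PAIR_RE = re.compile(
    r"Failed to negotiate a transport component\s*\[([^\]]*)\]\s*\[([^\]]*)\]"
)


def parse_offers(line):
    """Return (client_list, server_list) from the negotiation failure message."""
    m = PAIR_RE.search(line)
    if m is None:
        raise ValueError("no negotiation failure found in line")
    split = lambda s: [a.strip() for a in s.split(",") if a.strip()]
    return split(m.group(1)), split(m.group(2))


def negotiate(client, server):
    """First name on the client's list that the server also lists, else None."""
    server_set = set(server)
    return next((alg for alg in client if alg in server_set), None)


def explain(line):
    """Summarise why the handshake failed and what the client lacks."""
    client, server = parse_offers(line)
    return {
        "client": client,
        "server": server,
        "negotiated": negotiate(client, server),
        # Names the client would have to support for the handshake to proceed.
        "client_missing": [a for a in server if a not in client],
    }


if __name__ == "__main__":
    report = explain(LOG_LINE)
    print("negotiated:", report["negotiated"])
    for alg in report["client_missing"]:
        print("server would accept:", alg)
```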