SSH from Fedora 41 to AP9631 fails: ssh_dispatch_run_fatal: error in libcrypto

aswen · ‎2025-01-28

Hi,

SSH to my AP9631 NMC fails with this error:

$ ssh -v apc-ups.my.net.work
OpenSSH_9.9p1, OpenSSL 3.2.2 4 Jun 2024
debug1: Reading configuration data /home/alex/.ssh/config
debug1: /home/alex/.ssh/config line 31: Applying options for apc-ups.my.net.work
debug1: /home/alex/.ssh/config line 108: Applying options for *.my.net.work
debug1: /home/alex/.ssh/config line 172: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
debug1: Reading configuration data /etc/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: /etc/ssh/ssh_config line 57: Applying options for *
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /home/alex/.ssh/config
debug1: /home/alex/.ssh/config line 31: Applying options for apc-ups.my.net.work
debug1: /home/alex/.ssh/config line 108: Applying options for *.my.net.work
debug1: /home/alex/.ssh/config line 172: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
debug1: Reading configuration data /etc/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: /etc/ssh/ssh_config line 57: Applying options for *
debug1: Connecting to apc-ups.my.net.work [172.17.255.240] port 22.
debug1: Connection established.
debug1: identity file /home/alex/.ssh/id_rsa type -1
(...)
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version cryptlib
debug1: compat_banner: no match: cryptlib
debug1: Authenticating to apc-ups.my.net.work:22 as 'apc'
debug1: load_hostkeys: fopen /home/alex/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: ecdh-sha2-nistp256 need=32 dh_need=32
debug1: kex: ecdh-sha2-nistp256 need=32 dh_need=32
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:5gSMQHqToW5REDACTEDt+vms
debug1: load_hostkeys: fopen /home/alex/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'apc-ups.barchem.de-eekhoorn.eu' is known and matches the RSA host key.
debug1: Found key in /home/alex/.ssh/known_hosts:54
ssh_dispatch_run_fatal: Connection to 172.17.255.240 port 22: error in libcrypto

My SSH Config:

### APC UPS ###
host apc-ups.my.net.work apc-ups 172.17.255.240
  Hostname apc-ups.my.net.work
  user apc
  HostKeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms +ssh-rsa
  PreferredAuthentications keyboard-interactive,password
  KexAlgorithms +diffie-hellman-group1-sha1
  Ciphers aes256-ctr
  MACs hmac-sha2-256
  PasswordAuthentication yes
  PubkeyAuthentication no
  VerifyHostKeyDNS no

#### DEFAULTS ####
Host *
  LogLevel QUIET
  ForwardAgent no
  SendEnv LANG LC_*
  HashKnownHosts no
  Port 22
  Protocol 2
  ServerAliveInterval 15
  ServerAliveCountMax 5
  PubkeyAuthentication yes
  PasswordAuthentication no
  ChallengeResponseAuthentication no
  ForwardX11 no
  ForwardX11Trusted no
  HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
  KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
  VerifyHostKeyDNS yes

Client

"Fedora Linux 41 (Workstation Edition)"
6.12.10-200.fc41.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Jan 17 18:05:24 UTC 2025 x86_64 GNU/Linux
openssh.x86_64 9.9p1-1.fc41 updates
openssl.x86_64 1:3.2.2-11.fc41 updates

NMC

* Model: AP9631 hw revision 5

* Application module: v7.1.8

* AOS v7.1.8

* Boot monitor v1.0.9

I don't really know what's wrong?