The old ConfD 6.6.1 crypto.so, released 5 years ago, does not work with OpenSSL 1.1, and your crypto.so seems to have been rebuilt for some other target system. For OpenSSL 1.1, try ConfD 7.x or 8.x (latest).
Since you have installed OpenSSL 1.0, you can try using the original ConfD 6.6.1 crypto.so and, for example, make a symbolic link: $ ln -s /usr/lib64/libcrypto.so.1.0.2o /usr/lib64/libcrypto.so.1.0.0
Thanks @cohult for reaching out on this… I tried creating the soft link with the -sf option… and even tried restarting confd… but even after that the issue was not resolved…
So I installed openssl-libs-1.0.2 as below:
rpm --force -iv openssl-libs-1.0.2u.6.2.374-20200204204722.el7.x86_64.rpm
Now confd is up and running.
Is that the correct way to go about it… ?
(Almalinux 8.7 comes with openssl-libs-1.1.1 )
Now I see a paramiko ssh issue while running netconf-console:
Incompatible ssh peer (no acceptable host key)
Is this a known issue related to libcrypto / confd… ?
/opt/cisco/esc/confd/bin/netconf-console --port=830 --host=127.0.0.1 --user=admin --password=****** --get -x "datamodel/opdata"
False
server_key_algo_list
['']
self.preferred_keys=
('ssh-ed25519', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ssh-rsa', 'ssh-dss')
agreed_keys=
[]
Exception: Incompatible ssh peer (no acceptable host key)
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/paramiko/transport.py", line 2083, in run
    self._handler_table[ptype](self, m)
  File "/usr/local/lib/python3.6/site-packages/paramiko/transport.py", line 2198, in _negotiate_keys
    self._parse_kex_init(m)
  File "/usr/local/lib/python3.6/site-packages/paramiko/transport.py", line 2385, in _parse_kex_init
    "Incompatible ssh peer (no acceptable host key)"
paramiko.ssh_exception.SSHException: Incompatible ssh peer (no acceptable host key)
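An added example (not part of the original posts, and not paramiko or ConfD code) showing how the debug output above leads to that exception: it parses the `server_host_key_algorithms` name-list out of an SSH_MSG_KEXINIT payload (RFC 4253) and intersects it with the client's preference list. The function names and the sample payloads are constructed for illustration; note that an empty name-list decodes to `['']`, the same value shown for `server_key_algo_list`.

```python
import struct

# Client preference order copied from the debug output in the post above.
PREFERRED_KEYS = ("ssh-ed25519", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
                  "ecdsa-sha2-nistp521", "ssh-rsa", "ssh-dss")

def _name_list(buf, off):
    """Read one RFC 4251 name-list: uint32 length, then comma-separated ASCII."""
    (n,) = struct.unpack_from(">I", buf, off)
    raw = buf[off + 4: off + 4 + n]
    if len(raw) != n:
        raise ValueError("truncated name-list")
    return raw.decode("ascii").split(","), off + 4 + n

def server_host_key_algos(kexinit):
    """Return server_host_key_algorithms from an SSH_MSG_KEXINIT payload."""
    if not kexinit or kexinit[0] != 20:        # 20 = SSH_MSG_KEXINIT
        raise ValueError("not a KEXINIT payload")
    off = 1 + 16                               # message type + 16-byte cookie
    _kex, off = _name_list(kexinit, off)       # kex_algorithms (skipped)
    host_keys, _ = _name_list(kexinit, off)    # server_host_key_algorithms
    return host_keys

def agreed_host_keys(server_algos, preferred=PREFERRED_KEYS):
    """Client-preference-ordered intersection; an empty result fails negotiation."""
    return [k for k in preferred if k in server_algos]

def build_kexinit(kex, host_keys):
    """Build a sample KEXINIT payload (constructed test data, hypothetical helper)."""
    def nl(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    body = bytes([20]) + bytes(16) + nl(kex) + nl(host_keys)
    body += nl([]) * 8    # ciphers, MACs, compression, languages (both directions)
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

if __name__ == "__main__":
    # Constructed payloads: one server offering no host keys, one offering two.
    for offered in ([], ["ssh-dss", "ssh-rsa"]):
        algos = server_host_key_algos(build_kexinit(["curve25519-sha256"], offered))
        print("server_key_algo_list", algos, "agreed_keys", agreed_host_keys(algos))
```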
Yes, as you can only use OpenSSL 1.0.x with ConfD 6.6.1.
The most correct way to do it would be to upgrade ConfD to a modern 8.x version and use OpenSSL 1.1.x.
The issue is that you use a 5-year-old EOL ConfD version. As of OpenSSH-7.8 keys are generated like this (see https://www.openssh.com/txt/release-7.8 for more details):
The ConfD 6.6.1 installation generates SSH keys using an old, no longer supported format. Hence, you need to generate new keys for your ConfD installation using something like the following: