Core: ASUSWRT integration won't connect via SSH: No matching algo hostkey

I posted some info in the forums as well. I'm having the same issue, and actually I have observed that randomly the device tracker and asuswrt components work briefly. For example, I've had 4 of 5 devices connected to wifi all morning, and most of the time HA is showing nobody home. However, about every hour or so an automation fires off that lets me know it found a known device on wifi. The logs in the router coincide (the failed crypto logs stop briefly during this time). Not sure why the device tracker appears to be working intermittently, but for sure it's not working nearly as solid as it was before the latest MerlinWRT update.

I'm no expert on this subject, but I will note that asuswrt uses dropbear for ssl connections. Not sure if it's related, but I found some older info mentioning dropbear was updated so it no longer will accept older (insecure) cryptos:

https://community.ui.com/questions/Unable-to-SSH-into-AP-using-Strong-Crypto/ba1916cb-f5b0-4401-9b25-6898f009da5b

asuswrt documentation
asuswrt source
_{^{(message by IssueLinks)}}

Hey there @kennedyshead, mind taking a look at this issue as its been labeled with an integration (asuswrt) you are listed as a codeowner for? Thanks!
_{^{(message by CodeOwnersMention)}}

The creator of the firmware replied on his forum to the issue, might be helpful:

If you are referring to the SSH server, make sure your client supports modern ciphers. Obsolete algos like 3des and cbc were dropped a few months ago.

Hi, I have the same problem on an RT-AC68U with Merlin firmware version 384.18.
Could be related to https://github.com/ronf/asyncssh/issues/290 ?
The traceback seems to be the same.

As I only have a production home-assistant, I don't know how to change the python file to test (and I don't want to break it).
Hope this can help to solve the problem. Regards.

I am having same problem with version 18. The router shows: No matching algo hostkey

But I can manually ssh into the router using the same keyfile from the command line. I also get the same error message when using username/password, so it must be the router does not like the ssh client homeassistant is using

I suspect this is caused by the ssh client using older deprecated crypto. However, I know little about python so I can't back out where the problem is looking at the source.

I wonder what would happen if we set server_host_key_algs=['ssh-rsa'], would some other guys connection stop working?
In that case we need another setting 😔

Here you go, this one have the flag set https://pypi.org/project/aioasuswrt/1.2.7b0/

Hi Kennedy,
Thank you very much for your quick reply and fix! I would very much like to try your solution but since I am a using HassioOS I can't run the pip upgrade via ssh, correct? Is there a way for me to edit/update the connection.py? Sorry if this is a very basic question, I tried to find out myself but I couldn't find an answer yet.

Thank you. This worked!! Hopefully will be included in next Homeassistant update..

Its a little complicated in HassOS because it will overwrite a pip installation.
Login via ssh (make sure protection is disabled in the ssh add-on)
docker ps
find the code before the homeassistant container: eg. c0ea8aecacae homeassistant/raspberrypi4-homeassistant:0.112.0

docker exec -it c0ea8aecacae /bin/bash  (replace code wit your container ID)
pip install aioasuswrt==1.2.7b0
vi /usr/src/homeassistant/homeassistant/components/asuswrt/manifest.json  (change aioasuswrt to 1.2.7b0, may need to Google using vi)
ha core restart

Thank you very much for the detailled description Jdeath. With your help I was able to update to the 1.2.7b0 version as well.

Can confirm that after the patch the SHH connection worked on firmware 384.17. After updating to 384.18 it finally connects just like before.

Thank you very much again Kennedyshead for the quick response and fix.

I can confirm that version 1.2.7b0 is working for me (Home Assistant Core 0.111.4, Asuswrt-merlin v384.18).

@jdeath Thanks for the process to update to v1.2.7b0.
@kennedyshead Thanks for the quick fix

Thanks a lot guys!

you could try that somewhere other than in hassio? pip install aioasuswrt==1.2.7b0 and then:

#!/usr/bin/env python
import asyncio
import logging

import sys

from aioasuswrt.asuswrt import AsusWrt

component = AsusWrt('192.168.1.1', 22, username='****', password='****')
logging.basicConfig(stream=sys.stdout, level=logging.DEBUG)
logger = logging.getLogger(__name__)


async def print_data():
    logger.debug("wl")
    logger.debug(await component.connection.async_run_command('for dev in `nvram get wl_ifnames`; do wl -i $dev assoclist; done'))
    dev = await component.async_get_wl()
    logger.debug(dev)
    logger.debug("arp")
    logger.debug(await component.connection.async_run_command('arp -n'))
    dev.update(await component.async_get_arp())
    logger.debug(dev)
    logger.debug("neigh")
    logger.debug(await component.connection.async_run_command('ip neigh'))
    dev.update(await component.async_get_neigh(dev))
    logger.debug(dev)
    logger.debug("leases")
    logger.debug(await component.connection.async_run_command('cat /var/lib/misc/dnsmasq.leases'))
    dev.update(await component.async_get_leases(dev))
    logger.debug(dev)


loop = asyncio.get_event_loop()

loop.run_until_complete(print_data())
loop.close()

I'll prepare a version for release

@jdeath, could you please elaborate what you meant by:

Its a little complicated in HassOS because it will overwrite a pip installation.]

Does this patch method introduce potential problems with HassOS upgrades later on (if pip versions don't match)? I don't mind waiting until the fix gets merged, but if there is no side effect to manually upgrading per your instructions I would rather go ahead now.

@kennedyshead , great thank you very much!

you could try that somewhere other than in hassio? pip install aioasuswrt==1.2.7b0 and then:

@kennedyshead I run the python script from ubuntu 20.04 and it works (I can see my network devices). Don't hesitate to ask if you want more information or the output.
Regards.

you could try that somewhere other than in hassio? pip install aioasuswrt==1.2.7b0 and then:

I installed rasphian in VirtualBox but ran into some problems executing the script since it doesn't have the required python 3.7 available. That has nothing to do with your script but more to my limited experience and knowledge. I don't want to be ungrateful for your work so Ill try it again in Ubuntu when I have some spare time. Thanks @hebus82 for testing it out on your configuration!

@jdeath, could you please elaborate what you meant by:

Its a little complicated in HassOS because it will overwrite a pip installation.]

If you just do: pip install aioasuswrt==1.2.7b0, it will get removed on next reboot. that is why you need to edit the manifest file. It could cause problems if other packages need another version, but I don't think anything else uses it. Just don't update to 0.112.1 , or you need to redo the process. You have to look at the release notes to see if aioasuswrt is updated. Probably won't take long

#!/usr/bin/env python

you could try that somewhere other than in hassio? pip install aioasuswrt==1.2.7b0 and then:

@kennedyshead Sorry for the late reply but I was able to test your script in Ubuntu and can confirm it works like @hebus82
It spits out a list of my network devices as well. Do you need the results for more information?

#!/usr/bin/env python

you could try that somewhere other than in hassio? pip install aioasuswrt==1.2.7b0 and then:

@kennedyshead Sorry for the late reply but I was able to test your script in Ubuntu and can confirm it works like @hebus82
It spits out a list of my network devices as well. Do you need the results for more information?

No I need no more output thank you :)

I'm trying to get this in next release of hass and thank you for all the help!

Allright, no problem! Thanks to you again for working out a fix so quickly. GL with the release.

We need to wait for home assistant to pull in the new release. Hopefully
soon.

In the meantime you can follow the directions I posted earlier to manually
update. You can use version 1.2.7 instead of 1.2.7b0, now the non-beta have
been released.

On Sat, Jul 18, 2020 at 11:06 AM Bram Warrick notifications@github.com
wrote:

Is there an update on this? I see this has been closed for some time, but
I still have this issue with my HA. I'm completely caught up on installs,
so now I'm questioning if there's something else I need to tend to.

My config looks good.

To confirm what may be asked, I did take the .18 Merlin update and
understand that was part of the cause.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/home-assistant/core/issues/37269#issuecomment-660496322,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AEIVUAKPYXVULTKY563OY2TR4G25PANCNFSM4OMWDI7Q
.

The fix has been integrated in release 0.113.0.

Thanks a lot everyone.