Skip to content

Frequently Asked Question

Cisco NSO

How to access NSO CLI

To access NSO CLI, connect to the Prelude Foundation host, got to the /opt/prelude folder (or your installation folder).

Run: 

docker compose exec -it nso ncs_cli -u admin -C

NSO is complaining about "no matching host key found"

With some legacy routers NSO might end up with the following failure: 

Oct 30 10:14:48.406 UTC: SSHD_[65944]: %SECURITY-SSHD-6-INFO_GENERAL : 
no matching hostkey found: 
client ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256 
server ssh-dss

The server (ie the legacy router) proposal is ssh-dss only.

However the client (NSO) does not support ssh-dss since it is deprecated.

Simple fix: allow NSO to negotiate ssh-dss with that specific device.

You can do so with that simple CLI:

set devices device <device_id> ssh-algorithms public-key [ ssh-dss ]