on Jun 14, 2019Article Content
| Article Number | 000037628 |
| Applies To | RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.4.0.2 and 8.4.0.3 |
| Issue | After upgrading to RSA Authentiation Manager 8.4 patch 2 or patch 3, the SSH connection fails with the following error message: Couldn't agree a key exchange algorithm (availalbe: ecdh-sha2-nistp256,ecdh-sha2-nistp384, ecdh-sha2-nistp521)  |
| Cause | RSA Authentication Manager 8.4 patch 2 hardened the connection components and introduced higher security measures for SSH connection, thus SSH clients and SCP clients can no longer connect to the appliance with weaker algorithms; for example, MD5 and 96-bit MAC algorithms. That is why the old PuTTY utility that was working with previous versions may not work with this version. |
| Resolution | Upgrade your SSH and SCP clients to the most recent versions in order tto handle more restrictive SSH algorithms. |
| Notes | Please review the Before Installing This Patch section of the RSA Authentication Manager 8.4 Patch 2 Readme. |