000037628 - PuTTY fatal error (Couldn't agree a key exchange algorithm) after upgrading to RSA Authentiation Manager 8.4 patch 2 or patch 3

Document created by RSA Customer Support Employee on Jun 14, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037628
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4.0.2 and 8.4.0.3
 
IssueAfter upgrading to RSA Authentiation Manager 8.4 patch 2 or patch 3, the SSH connection fails with the following error message:
 
Couldn't agree a key exchange algorithm (availalbe: ecdh-sha2-nistp256,ecdh-sha2-nistp384, ecdh-sha2-nistp521)

 

User-added image
CauseRSA Authentication Manager 8.4 patch 2 hardened the connection components and introduced higher security measures for SSH connection, thus SSH clients and SCP clients can no longer connect to the appliance with weaker algorithms; for example, MD5 and 96-bit MAC algorithms. That is why the old PuTTY utility that was working with previous versions may not work with this version.
 
ResolutionUpgrade your SSH and SCP clients to the most recent versions in order tto handle more restrictive SSH algorithms.
Notes

Please review the Before Installing This Patch section of the RSA Authentication Manager 8.4 Patch 2 Readme.

Attachments

    Outcomes