|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 22.214.171.124 and 126.96.36.199
|Issue||After upgrading to RSA Authentiation Manager 8.4 patch 2 or patch 3, the SSH connection fails with the following error message:|
Couldn't agree a key exchange algorithm (availalbe: ecdh-sha2-nistp256,ecdh-sha2-nistp384, ecdh-sha2-nistp521)
|Cause||RSA Authentication Manager 8.4 patch 2 hardened the connection components and introduced higher security measures for SSH connection, thus SSH clients and SCP clients can no longer connect to the appliance with weaker algorithms; for example, MD5 and 96-bit MAC algorithms. That is why the old PuTTY utility that was working with previous versions may not work with this version.|
|Resolution||Upgrade your SSH and SCP clients to the most recent versions in order tto handle more restrictive SSH algorithms.|
Please review the Before Installing This Patch section of the RSA Authentication Manager 8.4 Patch 2 Readme.