000035125 - Cipher error when trying to connect to an RSA SecurID Access Identity Router with PuTTY

Document created by RSA Customer Support Employee on May 9, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035125
Applies ToRSA Product Set:  SecurID Access
RSA Product/Service Type:  Identity Router
IssueWhen trying to SSH to an IDR using the PuTTY utility the connection fails with the error:
Couldn't agree a client-to-server cipher (available: aes256-gcm@openssh.com,aes128-gcm@openssh.com)
CauseThe Identity Router (IDR) is configured to use a very limited cipher set.  PuTTY version 0.69 (the latest as of this writing) does not support any of the IDR's available ciphers.
WorkaroundTo SSH to an IDR from Windows, please use the freely available Cygwin terminal environment
Below is an example Cygwin session:
$ ssh idradmin@
idradmin@'s password: <enter password>
Last login: Wed May  3 15:33:04 2017 from
RSA Enterprise Connector Installation Directory: /opt/rsa/nga
To test the network connection between this enterprise connector and the hosted service, type:
-bash: ulimit: open files: cannot modify limit: Operation not permitted
[idradmin@portal1.gs00.example.com ~]$ pwd
[idradmin@portal1.gs00.example.com ~]$

NotesBe sure to include the openssh component when installing Cygwin.