000035125 - Cipher error when trying to connect to an RSA SecurID Access Identity Router with PuTTY

Document created by RSA Customer Support Employee on May 9, 2017Last modified by RSA Customer Support on Sep 14, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000035125
Applies ToRSA Product Set:  SecurID Access
RSA Product/Service Type:  Identity Router
IssueWhen trying to Access SSH for Identity Router Troubleshooting using the PuTTY utility the connection fails with the error:
Couldn't agree a client-to-server cipher (available: aes256-gcm@openssh.com,aes128-gcm@openssh.com)
CauseThe Identity Router (IDR) is configured to use a very limited cipher set.  PuTTY version 0.69 (the latest as of this writing) does not support any of the IDR's available ciphers.
WorkaroundTo SSH to an IDR from Windows, please download and use the freely available Bitvise SSH Client. 
Example Bitvise session:
bitvise configuration
Bitvise session
Alternatively use the Cygwin terminal environment if preferred.
Example Cygwin session:

$ ssh idradmin@
idradmin@'s password:
Last login: Tue Sep 12 19:36:22 2017 from
-bash: ulimit: open files: cannot modify limit: Operation not permitted
[idradmin@portal2 ~]$

NotesBe sure to include the openssh component if using Cygwin.