cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

Algorithm Negotiation Failed

Babar_Qayyum
DynaMight Leader
DynaMight Leader

Dear All,

We are using the SSH Secure Shell 3.2.9 (This copy of SSH Secure Shell is a non-commercial version which does not include PKI and PKCS#11 functionality) to access the AMD Servers 12.3.X but getting the following error on the access of 12.4.X release.

One of my colleague tried with the PuTTY which was successfully attempt.

As per document to configure the OpenSSH on your AMD, you must modify the sshd_config file located in /etc/ssh folder.

https://community.dynatrace.com/community/display/...

What should be the next step to access through SSH Secure Shell?

Regards,

Babar

4 REPLIES 4

Babar_Qayyum
DynaMight Leader
DynaMight Leader

We commented the below for the time being to work with the same SSH Secure Shell.

#Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

matthew_eisengr
Inactive

Yes, in the newer versions of the product, the SSH policy was hardened to only support certain known strong ciphers. I believe this was done to help the product pass basic penetration/vulnerability tests out of the box.

By commenting out that line in the config, you are removing the hardening that was applied during the upgrade.

So you can leave your configuration as is or you can check the cipher negotiation settings on your SSH Secure Shell application to match one of the hardened ciphers available on the AMD. I believe Putty works out of the box with these tougher ciphers.

Hope that helps!

Hello Matthew,

Thank you for your answer. I will update here in case I can arrange SSH Secure Shell which is supported one of the Cipher from the following:

chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

Regards,

Babar

chris_v
Dynatrace Pro
Dynatrace Pro

You'll need a relatively recent version of PuTTY, recently ran into a problem where I locked myself out of an AMD, as after the upgrade, the version of PuTTY I'd used to start the upgrade stopped working. Customers fault for running an ancient version though, took much effort to fix.

Suggest upgrading your SSH client software, if it still won't work, use current version of PuTTY.