When attempting an SSH connection to the ProxySG or Advanced Secure Gateway (ASG) appliances, you receive a message stating that no ciphers or HMACs are found. The wording of the message depends on the SSH client in use. The following are examples of what the message might look like:
Unable to negotiate with <IP_address> port 22: no matching cipher found. Their offer: <list>
Unable to negotiate with <IP_address> port 22: no matching MAC found. Their offer: <list>
Couldn't agree a client-to-server cipher. available:
Fatal error. No matching mac found: client <list> server
The issue is also recorded in the event log.
The ProxySG appliance's current cipher list or current HMACs list is empty due to one of the following reasons:
Resolution 1 - Update the SSH Client
If the appliance is running in FIPS mode, or if you determine that the SSH client is outdated, update the SSH client. Refer to the SSH client documentation if needed.
Resolution 2 - Add Supported Ciphers/HMACs
Log in to the Management Console to add at least one supported cipher or HMAC. You can also restore the default list.
To add ciphers:
To add HMACs: