SSH Connection to Device Appears to Hang, But the PuTTY Connection Fails


Article ID: 209901

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

After configuring a Linux target server to use stronger key exchange (kex) algorithms, the PAM SSH applet now appears to hang. The window shows as connected, but the command line never appears, nor does any error.

When attempting a PuTTY connection from PAM, the following error occurs.

Cause

/var/log/secure on the target server shows the following error, logged when PAM was trying to connect:

`sshd[PID]: fatal: kexecdh_server: EC_KEY_new_by_curve_name failed`

In this case, OpenSSH accepted the connection from PAM but could not complete it because OpenSSL was not properly configured, which left the PAM SSH applet sitting idle.

Environment

PAM 3.3.x and above

Resolution

Any ecdh kex algorithm listed in sshd_config should have a match in the output of the command `openssl ecparam -list_curves`. If not, either remove the kex algorithm list in sshd_config or add the matching curve to OpenSSL.
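One way to script that comparison is shown below as an added example; it is not part of the original article or of PAM. The function names are hypothetical, and the mapping from `ecdh-sha2-nistp*` kex names to the curve names OpenSSL prints (`prime256v1`, `secp384r1`, `secp521r1`) is an assumption of the example, as is the constructed sample input.

```shell
#!/bin/sh
# Added example: list ecdh-sha2-* kex algorithms in sshd_config whose curve
# is absent from `openssl ecparam -list_curves` output.

# Map an OpenSSH ECDH kex name to the curve name OpenSSL prints.
kex_to_curve() {
    case "$1" in
        ecdh-sha2-nistp256) echo prime256v1 ;;
        ecdh-sha2-nistp384) echo secp384r1 ;;
        ecdh-sha2-nistp521) echo secp521r1 ;;
        *) return 1 ;;
    esac
}

# Print the ecdh-sha2-* names on uncommented KexAlgorithms lines of file $1.
# Assumption: a plain list; a leading "-" (removal list) is not interpreted.
ecdh_kex_in_config() {
    grep -i '^[[:space:]]*KexAlgorithms[[:space:]]' "$1" |
        grep -o 'ecdh-sha2-[a-z0-9]*' || true
}

# $1 = sshd_config path, $2 = file holding `openssl ecparam -list_curves` output.
# Prints "<kex> <curve>" for every ECDH kex whose curve OpenSSL does not list.
missing_curves() {
    names=$(sed -n 's/^[[:space:]]*\([^[:space:]:]*\)[[:space:]]*:.*/\1/p' "$2")
    for kex in $(ecdh_kex_in_config "$1"); do
        curve=$(kex_to_curve "$kex") || { echo "$kex (unmapped)"; continue; }
        printf '%s\n' "$names" | grep -qx "$curve" || echo "$kex $curve"
    done
}

# Constructed sample input (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
# KexAlgorithms ecdh-sha2-nistp384
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp256,diffie-hellman-group14-sha256
EOF
cat > "$demo_dir/curves.txt" <<'EOF'
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
EOF
missing_curves "$demo_dir/sshd_config" "$demo_dir/curves.txt"
```

On the target server, save the output of `openssl ecparam -list_curves` to a file and pass it with the path to sshd_config; any line printed names a kex algorithm to remove or a curve to add.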
