After configuring a Linux target server to use stronger kex algorithms, the PAM SSH applet now appears to hang. The window shows as connected, but the command line never appears, nor does any error.
When attempting Putty connection from PAM, the following error occurs.
PAM 3.3.x and above
Looking at /var/log/secure on the target server, the following error occurred when PAM was trying to connect.
sshd[PID]: fatal: kexecdh_server: EC_KEY_new_by_curve_name failed
In this case, openSSH accepted the connection from PAM but could not complete the connection due to openSSL not being properly configured, resulting in the PAM SSH applet sitting idle.
Any ecdh kex algorithm listed in sshd_conf should have a match in the output of the command `openssl ecparam -list_curves`. If not, either remove the kex algorithm list in sshd_conf or add the matching curve to openSSL.