Gateway 10.0 Centos 7 SSH Command Assertion not connecting

Article ID: 212009

Products

CA API Gateway

Issue/Introduction

We are in the process of migrating Gateway from 9.4 to 10.0 CR03.

We have encountered an issue with TACTICAL "SSH Command" assertion. The error is as below.

ssh.errorMessage = {String} "java.io.IOException: There was a problem while connecting to localhost:22"

 

Environment

Release : 10.0

Component : RUNSCOPE

Resolution

In the Gateway 10 secure log you may see the following message:

 Unable to negotiate with xx.xx.xx.xx port 12345: no matching MAC found. Their offer: hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5 [preauth]

The SSH Command assertion offers only MACs that the CentOS 7 sshd does not accept by default, so the connection fails during negotiation.

To resolve this, on the Gateway 10 / CentOS 7 host, edit the sshd configuration:

# vi /etc/ssh/sshd_config

Add the following MAC to the MACs line: hmac-sha1-96

Sample full line below:

MACs hmac-sha1-96,hmac-sha2-512,hmac-sha2-256,[email protected],hma [email protected]

Then restart the sshd service:

# service sshd restart

After the restart, the SSH Command assertion should connect without the error.
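
To confirm the diagnosis before and after editing sshd_config, the client's offer in the log line can be compared with the server's MAC list. The script below is an added example, not part of the original article or the product; the function names and the two server lists are constructed for illustration, and the optional live check assumes `sshd -T` is run as root.

```shell
#!/bin/sh
# Added example (not from the article): explain a "no matching MAC found"
# failure by comparing the client's offer with the server's MAC list.

# Pull the comma-separated MAC offer out of one sshd log line.
offered_macs() {
    printf '%s\n' "$1" |
        sed -n 's/.*no matching MAC found\. Their offer: \([^ ]*\).*/\1/p'
}

# Print the MACs found in both lists ($1 = client offer, $2 = server list),
# in client order. Runs in a subshell so the IFS change stays local.
common_macs() (
    IFS=,
    out=
    for mac in $1; do
        case ",$2," in
            *",$mac,"*) out="${out:+$out,}$mac" ;;
        esac
    done
    printf '%s\n' "$out"
)

# Effective MAC list of the local sshd (needs root; "sshd -T" dumps the
# parsed configuration with lowercase keywords).
live_server_macs() {
    sshd -T 2>/dev/null | awk '$1 == "macs" { print $2 }'
}

# Log line as quoted in the article.
SAMPLE_LOG='Unable to negotiate with xx.xx.xx.xx port 12345: no matching MAC found. Their offer: hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5 [preauth]'
# Constructed server lists (assumptions, not real CentOS 7 defaults).
SERVER_BEFORE='hmac-sha2-512,hmac-sha2-256'
SERVER_AFTER="hmac-sha1-96,$SERVER_BEFORE"

report() {  # $1 = label, $2 = server MAC list
    match=$(common_macs "$(offered_macs "$SAMPLE_LOG")" "$2")
    printf '%-7s shared MACs: %s\n' "$1" "${match:-none, negotiation fails}"
}

report before "$SERVER_BEFORE"
report after "$SERVER_AFTER"
# Pass --live as root to check the running host's configuration as well.
if [ "${1:-}" = "--live" ]; then
    report live "$(live_server_macs)"
fi
```

An empty intersection reproduces the logged failure; after the change the only shared MAC is hmac-sha1-96, which is the one the connection will use.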