Gateway 10.0 Centos 7 SSH Command Assertion not connecting

book

Article ID: 212009

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Hi,

We are in the process of migrating Gateway from 9.4 to 10.0 CR03.

We have encountered an issue with TACTICAL "SSH Command' assertion. The error is as below.

"ssh.errorMessage = {String} "java.io.IOException: There was a problem while connecting to localhost:22"

 

Environment

Release : 10.0

Component : RUNSCOPE

Resolution

In the GW10 secure log you may see message,

 Unable to negotiate with xx.xx.xx.xx port 12345: no matching MAC found. Their offer: hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5 [preauth]

The SSH assertion is offering MACs that centos 7 is not taking by default. 

It can be resolved by the following,

On my GW 10 / centos 7

# vi the /etc/ssh/sshd_config

Add the following mac: hmac-sha1-96

Sample full line below;

MACs hmac-sha1-96,hmac-sha2-512,hmac-sha2-256,[email protected],hma [email protected]

Then restart the sshd service

# service sshd restart

Then you should be able to connect fine and get no error with the ssh command assertion.