search cancel

Gateway 10.0 Centos 7 SSH Command Assertion not connecting


Article ID: 212009


Updated On:


CA API Gateway



We are in the process of migrating Gateway from 9.4 to 10.0 CR03.

We have encountered an issue with TACTICAL "SSH Command' assertion. The error is as below.

"ssh.errorMessage = {String} " There was a problem while connecting to localhost:22"



Release : 10.0

Component : RUNSCOPE


In the GW10 secure log you may see message,

 Unable to negotiate with xx.xx.xx.xx port 12345: no matching MAC found. Their offer: hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5 [preauth]

The SSH assertion is offering MACs that centos 7 is not taking by default. 

It can be resolved by the following,

On my GW 10 / centos 7

# vi the /etc/ssh/sshd_config

Add the following mac: hmac-sha1-96

Sample full line below;

MACs hmac-sha1-96,hmac-sha2-512,hmac-sha2-256,[email protected],hma [email protected]

Then restart the sshd service

# service sshd restart

Then you should be able to connect fine and get no error with the ssh command assertion.