Symantec PAM -- Unix connection issues based on ssh TLS configurations

Article ID: 228840

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We are getting the following SHA error after the Linux server was patched. But when the user checks the console, it is at sha2 already. Is this something else that CAPAM requires?

Couldn't agree either on kex algorithm (our: 'ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-nistp521,diffie-hellman-group14-sha1', peer: 'curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512') or host key algorithm (our: 'ssh-rsa', peer: 'rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519')

Cause

There are several possible causes. In this case, an sshd update was the underlying cause.
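
The error message under Issue/Introduction names two negotiation categories, and it helps to see which one actually has no overlap. The following is an added example, not part of the original article or of PAM: it parses that message and intersects each pair of lists, assuming "our" is the PAM side and "peer" is the patched server's sshd. The function names are hypothetical.

```python
import re

# The message quoted in this article, split across lines for readability.
ERROR = (
    "Couldn't agree either on kex algorithm (our: "
    "'ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-nistp521,"
    "diffie-hellman-group14-sha1', peer: 'curve25519-sha256,"
    "curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
    "ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,"
    "diffie-hellman-group16-sha512,diffie-hellman-group18-sha512') "
    "or host key algorithm (our: 'ssh-rsa', peer: "
    "'rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519')"
)

# Matches one "<category> algorithm (our: '...', peer: '...')" clause.
CLAUSE = re.compile(
    r"(?P<category>kex|host key) algorithm "
    r"\(our: '(?P<our>[^']*)', peer: '(?P<peer>[^']*)'\)"
)


def parse_negotiation_error(message):
    """Return {category: {"our": [...], "peer": [...], "common": [...]}}.

    Assumption: "our" is the side that logged the error, "peer" is the sshd
    it connected to. "common" keeps the order of the "our" list.
    """
    result = {}
    for m in CLAUSE.finditer(message):
        ours = [a for a in m.group("our").split(",") if a]
        peers = [a for a in m.group("peer").split(",") if a]
        common = [a for a in ours if a in peers]
        result[m.group("category")] = {"our": ours, "peer": peers, "common": common}
    if not result:
        raise ValueError("not an SSH algorithm negotiation error")
    return result


def failed_categories(message):
    """Categories in which the two sides share no algorithm at all."""
    parsed = parse_negotiation_error(message)
    return [cat for cat, lists in parsed.items() if not lists["common"]]


if __name__ == "__main__":
    for category, lists in parse_negotiation_error(ERROR).items():
        print(f"{category}: common = {lists['common'] or 'NONE'}")
    print("no overlap in:", failed_categories(ERROR))
```

For the message in this article, the key exchange lists still share three ECDH algorithms, while the host key lists share nothing: the only host key algorithm offered on the "our" side is ssh-rsa, which the peer no longer lists.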

Environment

Release : 3.4

Component :

Resolution

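On the Linux server, check the active system-wide crypto policy:

   update-crypto-policies --show

If it is set to FUTURE, set it back to DEFAULT and restart sshd:

   update-crypto-policies --set DEFAULT

   systemctl restart sshd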