You observe an error similar to the following when trying to launch SSH access sessions to RHEL 8 or 9 servers: 

Error:

The Cryptography selections in PAM were not compatible with the target server Cryptography settings. The above error message shows the mismatch in the server host key selection:

"(our: 'ssh-rsa', peer: 'rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256')"

On the Configuration > Security > Cryptography > SSH Mindterm page, the "Use Default" check-box was unchecked and the Server Host Key field only contained "ssh-rsa"

Add required items to the Server Host Key list on the Configuration > Security > Cryptography > SSH Mindterm page, see documentation page Configure SSH Proxy, SSH Gateway, SSH MindTerm, and TLS Cryptography Options. for details. E.g. adding the ecdsa-sha2-nistp256 server host key option would resolve the problem seen above. Use the eye icons to the right of the text fields to see the list of available options.

Sometimes the above error shows partially only, and the text box disappears before you can view the full text. To get detailed information on the algorithm negotiation error, temporarily set Applet Log Level to Debug on the Configuration > Diagnostics > Diagnostic Logs page. Log off and log on again so that the PAM client picks up the new setting, then reproduce the problem. The full error message should get logged to the PAM client log file, logs.log in the PAM client installation directory. Once done make sure to set the applet log level back to Warning or Error, since the debug setting reduces performance of access sessions.