Customer upgraded PAM from older version(2.6.4) to 2.8.3.x and found they can no longer SSH to their Linux machines.
The error being reported is mismatched ciphers.
From user's point of view, the SSH applet launches but it is stuck and does not appear to do anything without any specific signs of error.
<Please see attached file for image>
PAM Upgraded from 2.6.4 to 2.8.3.x
Target device is Centos OS 5.x and 7.x
sshd.conf at the target device allows AES256-CTR only, other ciphers have been disabled for security reasons.
This issue affects PAM version 2.8.3.x but not PAM 220.127.116.11
The problem may also be observed in 3.X releases up to 3.2. It is expected to be fixed for good in PAM 3.3.
The target device enforces strictly limited set of ciphers so the client(PAM) will have to use matching set of ciphers to handshake or it will fail to establish secure connection.
This cipher list in SSH Mindterm is hard-coded so you will have to upgrade to fixed version of PAM to address this problem.
If you cannot upgrade, as a workaround, you can utilize Putty service to access the Linux machines or liaise with your Linux Administrator so SSH (sshd service) is configured to accept at least one of the following ciphers on the target Linux machines.
aes128-ctr, arcfour128, aes128-cbc, blowfish-ctr, blowfish-cbc, 3des-ctr, 3des-cbc, arcfour