Avamar 7.5: PuTTY releases older than v0.63 fail to connect with "Server unexpectedly closed network connection" due to new MAC entries in the SSH server configuration file

           

   Article Number:     504576                                   Article Version: 6     Article Type:    Break Fix 
   

 


Product:

 

Avamar Server,Avamar Server 7.5.0-183

 

Issue:

 

 

In cryptography, a message authentication code (MAC), sometimes known as a tag, is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed. The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.   
   
    The sshd_config for Avamar 7.5.x or greater version supports the following MACs:   
   
    grep MAC /etc/ssh/sshd_config   
        

      MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,umac-128-etm@openssh.com,umac-128@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-ripemd160PermitEmptyPasswords no    
   
      After a fresh install when attempting to login to the Avamar grid using the 3rd party application PuTTY, following error is seen:      
          
        
      ssh-error   
   
    /var/log/messages can show the following error when logged via a console such as lights out port (RMC for Gen4t, RMM for Gen4s, vSphere Console for AVEs etc):    
      Oct 30 12:27:19 testavamar sshd[6087]: fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5 server hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,umac-128-etm@openssh.com,umac-128@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-ripemd160    
                                                             

 

 

Cause:

 

 

PuTTY releases less than version 0.63 doesn't support these MACs                                                           

 

 

Change:

 

 

Recent install of a 7.5.x system   
    MAC entries were added to the sshd config file (/etc/ssh/sshd_config) on the Avamar Server
                                                           

 

 

Resolution:

 

 

Download a PuTTY version that is greater than or equal to 0.63 and then ssh into the Avamar Server.    
   
    Note: As of September 28, 2017, the latest version of PuTTy is 0.70