Avamar 7.5: PuTTY releases older than v0.63 fail to connect with "Server unexpectedly closed network connection" due to new MAC entries in the SSH server configuration file


   Article Number:     504576                                   Article Version: 6     Article Type:    Break Fix 




Avamar Server,Avamar Server 7.5.0-183





In cryptography, a message authentication code (MAC), sometimes known as a tag, is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed. The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.   
    The sshd_config for Avamar 7.5.x or greater version supports the following MACs:   
    grep MAC /etc/ssh/sshd_config   

      MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,umac-128-etm@openssh.com,umac-128@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-ripemd160PermitEmptyPasswords no    
      After a fresh install when attempting to login to the Avamar grid using the 3rd party application PuTTY, following error is seen:      
    /var/log/messages can show the following error when logged via a console such as lights out port (RMC for Gen4t, RMM for Gen4s, vSphere Console for AVEs etc):    
      Oct 30 12:27:19 testavamar sshd[6087]: fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5 server hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,umac-128-etm@openssh.com,umac-128@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-ripemd160    






PuTTY releases less than version 0.63 doesn't support these MACs                                                           






Recent install of a 7.5.x system   
    MAC entries were added to the sshd config file (/etc/ssh/sshd_config) on the Avamar Server






Download a PuTTY version that is greater than or equal to 0.63 and then ssh into the Avamar Server.    
    Note: As of September 28, 2017, the latest version of PuTTy is 0.70