Question

Password Safe & Cisco ISE - Unsupported MAC Algorithms

  • September 20, 2024
  • 2 replies
  • 275 views


Does anyone else face an issue with not being able to SSH from Password Safe to network devices running Cisco ISE after an update to Cisco ISE 17.10+?

The reason is that from that version onwards, Cisco ISE only supports hmac-sha2-256-etm@openssh.com & hmac-sha2-512-etm@openssh.com as default MAC algorithms, which are not supported by Password Safe. The devices are running in a special SD-WAN controller mode where it is not possible to enable additional algorithms.

It would be interesting to know if anyone has been in a similar situation and how the problem could be resolved.

2 replies

GloriaB
BeyondTrust Employee
  • September 20, 2024

Hello,

Please review the following articles:

Supported KEX Cipher, Host Key Algorithm, Encryption Cipher, and MAC Cipher IDs KB0021040

ERROR: SSH client: No matching key exchange algorithm found - No matching cipher found - No matching MAC algorithm found KB0017016

Please let us know if this resolves the issue.


l3g0l4s
  • Apprentice
  • September 23, 2024

Hi!

I faced a similar issue a while ago. In my case, we faced the issue after a Fortinet upgrade. We fixed the issue by adding a new registry key and then rebooting the appliances.

Try with BeyondInsight / Password Safe - ERROR: SSH client: No matching key exchange algorithm found - No matching cipher found - No matching MAC algorithm found (service-now.com)
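
The MAC mismatch described in the question, as an added example that is not part of the original thread and is not BeyondTrust or Cisco code: it parses an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and applies the first-client-match rule to the MAC name-lists. Only the two server MACs come from the post; the client MAC list and the sample payload are constructed assumptions.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload into its algorithm name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip 1-byte message type and 16-byte cookie
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError(f"truncated inside {field}")
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    return lists

def negotiate(client: list, server: list):
    """RFC 4253 rule: first name on the client's list that the server offers."""
    return next((alg for alg in client if alg in server), None)

def build_kexinit(lists: dict) -> bytes:
    """Build a constructed sample payload so the example runs offline."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # zero cookie, sample only
    for field in FIELDS:
        data = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # follows-flag, reserved

# Server side: the two MACs named in the question.
SERVER_MACS = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com"]
# Hypothetical client list (an assumption, not Password Safe's documented set).
CLIENT_MACS = ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]

SAMPLE = build_kexinit({"mac_c2s": SERVER_MACS, "mac_s2c": SERVER_MACS})

def mac_result(client_macs: list, payload: bytes = SAMPLE):
    """Negotiated MAC per direction, or None where the lists do not overlap."""
    offer = parse_kexinit(payload)
    return {d: negotiate(client_macs, offer[d]) for d in ("mac_c2s", "mac_s2c")}

if __name__ == "__main__":
    print(mac_result(CLIENT_MACS), mac_result(CLIENT_MACS + SERVER_MACS[:1]))
```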