05-11-2015 11:25 AM
I have my FC switches ( 5100s, Brocade Encryption Switches, M5424s, etc. ) set up and running in FIPS mode. during the ssh login phase of the SAN Health login:
Connection Refused Error Code:30044 No available encryption algorithms match with the server.
Is there an option to get the correct encryption algorithms for SSH enabled? Was this something left out of the SAN Health Software package?
05-11-2015 11:32 AM
Please make sure you are using the latest SAN Health version from http://brocade.com/sanhealth. Also, please first manualy SSH to the switches using something like Putty to make sure the server has the correct encryption algorithms. You'll need to do this from the same server that has SAN Health installed. Please let us know the outcome.
05-11-2015 11:58 AM
Running 4.0.5b ( latest I can find on the Brocade Website )
Using Putty ( 0.63 ) and have been able to ssh manually from the SAN health workstation.
login as: <me>
Appl Primary/Secondary Versions
sxx-b6510-x-x:<me>> fipscfg --verify fips
Standby firmware supports FIPS - PASS
SELF tests check has passed - PASS
Root account check has passed - PASS
Radius check has passed - PASS
Authentication check has passed - PASS
Inflight Encryption check has passed - PASS
IPSec check has passed - PASS
IPv6 policies FIPS compliant - PASS
IPv6 policies FIPS compliant - PASS
SNMP is in read only mode. - PASS
Bootprom access is disabled. - PASS
Firmwaredownload signature verification is enabled. - PASS
Secure config upload/download is enabled. - PASS
SSH DSA Keys check passed - PASS
Inband Management interface is disabled - PASS
Ipsecconfig is disabled. - PASS
Certificates validation has passed - PASS
SSH config is FIPS compliant - PASS
Everything works as expected when SSHing into this host. My Fear is that the FIPS complient algorithms are not built into SAN Health, or are not normally enabled.
02-29-2016 08:29 PM
Latest Version 4.0.6 gives the same message it bombs out straight away
INFO-15:12:20 Starting Session to 10.47.178.90
INFO-15:12:21 Attempt SSH connection to 10.47.178.90 WWN Unknown(Wait 8 seconds)
INFO-15:12:22 Connection Refused Error Code:30044 No available encryption algorithms match with the server.
CLOSE-15:12:22 Check the IP address and login credentials you entered
CLOSE-15:12:22 Check that you can telnet (or SSH) to the switch from this workstation
CLOSE-15:12:22 Try increasing the Time-Out value under the Options menu
ssh works fine directly looks like SAN health ssh issue
03-01-2016 01:47 PM
Is this occuring with SAN Health running against a Cisco 9513 and is it running firmware 6.2(13a)? If so, we have a fix for it in version 4.0.7 which is due out in the next couple weeks. Please let us know at email@example.com if it is and we'll get you a test build of 4.0.7 to run if you are interested. If you'd rather wait until the GA version, please check http://brocade.com/sanhealth in a week or two.
For the SAN Health Online Help see
03-02-2016 07:22 PM
I am getting the similar issue while running on CISCO SAN with latest version of 6.2.
Strange Part is that i am able to successfully run SAN Health on Two Fabrics with same code but I am not able to use it with it other fabrics having same code.
I am able to SSH/TELNET from the same workstation but I am not able to go through from SAN Health.
Would you please help me sharing the latest version so that I can gve it a try. I am sure it will not impact any prodution enviornment since it is not GA.
03-22-2016 07:25 AM
Version 4.07a now talks via ssh to Cisco MDS 9513's v6.2.11c ....waiting on generated report back to see how well it really worked:-)
05-05-2016 04:40 PM
Just to fill in the details for this:
SSH uses Encryption Cyphers and for data integrity verification it uses a Message Authentication Code (MAC) algorithm.
The error message was occurring as we needed to add support for additional MAC type that these boxes/firmware levels started using.
SAN Health 4.0.7 added support for all modern variants of hmac and resolves this issue.