SAN Health Utility

Reply
Occasional Contributor
Posts: 5
Registered: ‎04-17-2008

Connection Refused Error Code:30044 No available encryption algorithms match with the server.

I have my FC switches ( 5100s, Brocade Encryption Switches, M5424s, etc. ) set up and running in FIPS mode. during the ssh login phase of the SAN Health login:

 

Connection Refused Error Code:30044 No available encryption algorithms match with the server.

 

Is there an option to get the correct encryption algorithms for SSH enabled? Was this something left out of the SAN Health Software package?

 

Thanks!

---Dan

Moderator
Posts: 201
Registered: ‎07-21-2009

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Hi Dan,

Please make sure you are using the latest SAN Health version from http://brocade.com/sanhealth. Also, please first manualy SSH to the switches using something like Putty to make sure the server has the correct encryption algorithms. You'll need to do this from the same server that has SAN Health installed. Please let us know the outcome.

 

Cheers,

Health Admin

Occasional Contributor
Posts: 5
Registered: ‎04-17-2008

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Running 4.0.5b ( latest I can find on the Brocade Website )

 

Using Putty ( 0.63 ) and have been able to ssh manually from the SAN health workstation.

 

login as: <me>
<me>@10.XX.XX.XX's password:
sxx-b6510-x-x:<me>> firmwareshow
Appl Primary/Secondary Versions
------------------------------------------
FOS v7.3.1
v7.3.1
sxx-b6510-x-x:<me>> fipscfg --verify fips
Standby firmware supports FIPS - PASS
SELF tests check has passed - PASS
Root account check has passed - PASS
Radius check has passed - PASS
Authentication check has passed - PASS
Inflight Encryption check has passed - PASS
IPSec check has passed - PASS
IPv6 policies FIPS compliant - PASS
IPv6 policies FIPS compliant - PASS
SNMP is in read only mode. - PASS
Bootprom access is disabled. - PASS
Firmwaredownload signature verification is enabled. - PASS
Secure config upload/download is enabled. - PASS
SSH DSA Keys check passed - PASS
Inband Management interface is disabled - PASS
Ipsecconfig is disabled. - PASS
Certificates validation has passed - PASS
SSH config is FIPS compliant - PASS

 

Everything works as expected when SSHing into this host. My Fear is that the FIPS complient algorithms are not built into SAN Health, or are not normally enabled.

 

New Contributor
Posts: 2
Registered: ‎05-22-2011

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Latest Version 4.0.6 gives the same message it bombs out straight away

eg

INFO-15:12:20 Starting Session to 10.47.178.90
INFO-15:12:21 Attempt SSH connection to 10.47.178.90 WWN Unknown(Wait 8 seconds)
INFO-15:12:22 Connection Refused Error Code:30044 No available encryption algorithms match with the server.
CLOSE-15:12:22 Check the IP address and login credentials you entered
CLOSE-15:12:22 Check that you can telnet (or SSH) to the switch from this workstation
CLOSE-15:12:22 Try increasing the Time-Out value under the Options menu

 

ssh works fine directly looks like SAN health  ssh issue

Moderator
Posts: 201
Registered: ‎07-21-2009

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Hi wadelton,

Is this occuring with SAN Health running against a Cisco 9513 and is it running firmware 6.2(13a)? If so, we have a fix for it in version 4.0.7 which is due out in the next couple weeks. Please let us know at shadmin@brocade.com if it is and we'll get you a test build of 4.0.7 to run if you are interested. If you'd rather wait until the GA version, please check http://brocade.com/sanhealth in a week or two.

 

Regards,
Health Admin


For the SAN Health Online Help see
http://community.brocade.com/docs/DOC-2662

 

 

Occasional Visitor
Posts: 1
Registered: ‎03-02-2016

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Dear Team,

 

I am getting the similar issue while running on CISCO SAN with latest version of 6.2.

 

Strange Part is that i am able to successfully run SAN Health on Two Fabrics with same code but I am not able to use it with it other fabrics having same code.

 

I am able to SSH/TELNET from the same workstation but I am not able to go through from SAN Health.

 

Would you please help me sharing the latest version so that I can gve it a try. I am sure it will not impact any prodution enviornment since it is not GA.

 

Warm Regards

Nikhil Jain

New Contributor
Posts: 2
Registered: ‎05-22-2011

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Version 4.07a now talks via ssh to Cisco MDS 9513's v6.2.11c ....waiting on generated report back to see how well it really worked:-)

Moderator
Posts: 71
Registered: ‎02-23-2004

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Just to fill in the details for this:

SSH uses Encryption Cyphers and for data integrity verification it uses a Message Authentication Code (MAC) algorithm.

The error message was occurring as we needed to add support for additional MAC type that these boxes/firmware levels started using.

SAN Health 4.0.7 added support for all modern variants of hmac and resolves this issue.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.