SAN Health Utility

Occasional Contributor
Posts: 5
Registered: ‎04-17-2008

Connection Refused Error Code:30044 No available encryption algorithms match with the server.

I have my FC switches ( 5100s, Brocade Encryption Switches, M5424s, etc. ) set up and running in FIPS mode. During the ssh login phase of the SAN Health login:

Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Is there an option to get the correct encryption algorithms for SSH enabled? Was this something left out of the SAN Health Software package?

Thanks!

---Dan

Moderator
Posts: 205
Registered: ‎07-21-2009

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Hi Dan,

Please make sure you are using the latest SAN Health version from http://brocade.com/sanhealth. Also, please first manually SSH to the switches using something like Putty to make sure the server has the correct encryption algorithms. You'll need to do this from the same server that has SAN Health installed. Please let us know the outcome.

Cheers,

Health Admin

Occasional Contributor
Posts: 5
Registered: ‎04-17-2008

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Running 4.0.5b ( latest I can find on the Brocade Website )

Using Putty ( 0.63 ) and have been able to ssh manually from the SAN health workstation.

login as: <me>
<me>@10.XX.XX.XX's password:
sxx-b6510-x-x:<me>> firmwareshow
Appl Primary/Secondary Versions
------------------------------------------
FOS v7.3.1
v7.3.1
sxx-b6510-x-x:<me>> fipscfg --verify fips
Standby firmware supports FIPS - PASS
SELF tests check has passed - PASS
Root account check has passed - PASS
Radius check has passed - PASS
Authentication check has passed - PASS
Inflight Encryption check has passed - PASS
IPSec check has passed - PASS
IPv6 policies FIPS compliant - PASS
IPv6 policies FIPS compliant - PASS
SNMP is in read only mode. - PASS
Bootprom access is disabled. - PASS
Firmwaredownload signature verification is enabled. - PASS
Secure config upload/download is enabled. - PASS
SSH DSA Keys check passed - PASS
Inband Management interface is disabled - PASS
Ipsecconfig is disabled. - PASS
Certificates validation has passed - PASS
SSH config is FIPS compliant - PASS

Everything works as expected when SSHing into this host. My fear is that the FIPS compliant algorithms are not built into SAN Health, or are not normally enabled.

New Contributor
Posts: 2
Registered: ‎05-22-2011

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Latest version 4.0.6 gives the same message; it bombs out straight away.

e.g.

INFO-15:12:20 Starting Session to 10.47.178.90
INFO-15:12:21 Attempt SSH connection to 10.47.178.90 WWN Unknown(Wait 8 seconds)
INFO-15:12:22 Connection Refused Error Code:30044 No available encryption algorithms match with the server.
CLOSE-15:12:22 Check the IP address and login credentials you entered
CLOSE-15:12:22 Check that you can telnet (or SSH) to the switch from this workstation
CLOSE-15:12:22 Try increasing the Time-Out value under the Options menu

SSH works fine directly; looks like a SAN Health SSH issue.

Moderator
Posts: 205
Registered: ‎07-21-2009

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Hi wadelton,

Is this occurring with SAN Health running against a Cisco 9513 and is it running firmware 6.2(13a)? If so, we have a fix for it in version 4.0.7 which is due out in the next couple weeks. Please let us know at shadmin@brocade.com if it is and we'll get you a test build of 4.0.7 to run if you are interested. If you'd rather wait until the GA version, please check http://brocade.com/sanhealth in a week or two.

Regards,
Health Admin


For the SAN Health Online Help see
http://community.brocade.com/docs/DOC-2662

Occasional Visitor
Posts: 1
Registered: ‎03-02-2016

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Dear Team,

I am getting a similar issue while running on a Cisco SAN with the latest version of 6.2.

The strange part is that I am able to successfully run SAN Health on two fabrics with the same code, but I am not able to use it with other fabrics having the same code.

I am able to SSH/TELNET from the same workstation but I am not able to go through from SAN Health.

Would you please help me by sharing the latest version so that I can give it a try? I am sure it will not impact any production environment since it is not GA.

Warm Regards

Nikhil Jain

New Contributor
Posts: 2
Registered: ‎05-22-2011

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Version 4.07a now talks via ssh to Cisco MDS 9513's v6.2.11c ....waiting on generated report back to see how well it really worked:-)

Moderator
Posts: 77
Registered: ‎02-23-2004

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Just to fill in the details for this:

SSH uses Encryption Cyphers and for data integrity verification it uses a Message Authentication Code (MAC) algorithm.

The error message was occurring as we needed to add support for an additional MAC type that these boxes/firmware levels started using.

SAN Health 4.0.7 added support for all modern variants of hmac and resolves this issue.
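
The negotiation described in the post above, as an added example (not SAN Health code and not from Brocade): it parses two SSH_MSG_KEXINIT payloads and applies the RFC 4253 first-match rule, showing that a session can fail on the MAC lists alone while the ciphers agree. Both offers are constructed, and all function and variable names are assumptions.

```python
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
SSH_MSG_KEXINIT = 20


def build_kexinit(lists):
    """Encode a KEXINIT payload; used here only to make the constructed samples."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)       # message type + 16-byte cookie
    for name in FIELDS:
        body = ",".join(lists.get(name, [])).encode("ascii")
        out += len(body).to_bytes(4, "big") + body   # name-list: uint32 length + names
    return out + b"\x00" + bytes(4)                  # first_kex_packet_follows, reserved


def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [algorithm names]}."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, parsed = 17, {}
    for name in FIELDS:
        length = int.from_bytes(payload[pos:pos + 4], "big")
        body = payload[pos + 4:pos + 4 + length]
        if pos + 4 > len(payload) or len(body) != length:
            raise ValueError("truncated name-list: " + name)
        parsed[name] = body.decode("ascii").split(",") if body else []
        pos += 4 + length
    return parsed


def negotiate(client_payload, server_payload):
    """Per field, pick the first client algorithm that the server also lists.

    Only cipher, MAC and compression fields are checked; key exchange and
    host key selection follow additional rules and are skipped here.
    """
    client, server = parse_kexinit(client_payload), parse_kexinit(server_payload)
    chosen = {n: next((a for a in client[n] if a in server[n]), None)
              for n in FIELDS[2:8]}
    return chosen, [n for n, a in chosen.items() if a is None]


# Constructed offers (assumptions, not captured from SAN Health or any switch).
SHARED = {"kex": ["diffie-hellman-group14-sha1"], "host_key": ["ssh-rsa"],
          "enc_c2s": ["aes256-ctr"], "enc_s2c": ["aes256-ctr"],
          "comp_c2s": ["none"], "comp_s2c": ["none"]}
OLD_MACS, NEW_MACS = ["hmac-md5", "hmac-sha1"], ["hmac-sha2-256", "hmac-sha2-512"]
CLIENT = build_kexinit({**SHARED, "mac_c2s": OLD_MACS, "mac_s2c": OLD_MACS})
SERVER = build_kexinit({**SHARED, "mac_c2s": NEW_MACS, "mac_s2c": NEW_MACS})
```

`negotiate(CLIENT, SERVER)` reports `aes256-ctr` for both cipher directions and lists only `mac_c2s` and `mac_s2c` as failed. Against a real device, `ssh -vv` from an OpenSSH client prints the offered cipher and MAC lists for comparison.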

Frequent Visitor
Posts: 1
Registered: ‎09-06-2015

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

SAN Health 4.07 (downloaded 5-22-17) is not working with NX-OS 6.2(19) on 9396s (96 port IBM branded MDS).

Times out at sending "my id". BSH blows up (exits) after using stop activity for early termination. I unchecked "my id" in options. No joy. Seems BSH thinks this is a Brocade switch?

Other switch still running 6.2(13) adds OK.

sho ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_serie
s_home.html
Copyright (c) 2002-2017, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
BIOS: version 5.2.19
loader: version N/A
kickstart: version 6.2(19)
system: version 6.2(19)
BIOS compile time: 05/15/2015
kickstart image file is: bootflash:///m9300-s1ek9-kickstart-mz.6.2.19.bin
kickstart compile time: 1/30/2017 23:00:00 [03/10/2017 15:18:30]
system image file is: bootflash:///m9300-s1ek9-mz.6.2.19.bin
system compile time: 1/30/2017 23:00:00 [03/10/2017 18:14:20]


Hardware
cisco MDS 9396S 96X16G FC (2 RU) Chassis ("2/4/8/10/16 Gbps FC/Supervisor-4")
Motorola, 476fpe, core 0 with 3891476 kB of memory.
Processor Board ID REDACTED

Device name: REDACTED

Moderator
Posts: 77
Registered: ‎02-23-2004

Re: Connection Refused Error Code:30044 No available encryption algorithms match with the server.

Hi,

SAN Health uses the SSH fingerprint to ID the switch type and you're correct, it is failing to find a match for the fingerprint and then defaulting to see if it responds to the Brocade myid command as the next step in trying to determine the switch type.

It's a different issue and unrelated to what's in this old thread.

For support, please email SHAdmin@brocade.com as then we can look at the log and then see what the SSH fingerprint actually is rather than guessing at a solution.

That said, it's a fairly solid guess as there are a few new SSH fingerprints and we have already added them into an upcoming patch release. Email SHAdmin@brocade.com and we can get that to you.

Thanks
