-
Title
What Key Exchange \ KeyEx \ KexAlgorithms protocols are supported for communicating with SSH targets when using PPM? -
Description
What Key Exchange \ KeyEx \ KexAlgorithms protocols are supported for communicating with SSH targets when using PPM?
-
Resolution
Currently TPAM supports the Diffie Helman range of protocols.
2.5.909 - 2.5.915:
TPAM & DPA v3
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group-exchange-sha12.5.916+:
TPAM
In 2.5.916 TPAM's native SSH client has been updated to OpenSSH 7.2, which removed support for key lengths less than 2048.
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group-exchange-sha1 (with a modulus of 2048 or higher)
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
Hotfix_9114 can be installed to add support for diffie-hellman-group1-sha1.
DPA v3diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group-exchange-sha1
If using an unsupported KeyEx method on the target system, you will receive an error, when performing a "Test System", "Check Password" or "Reset Password, for example:[DD/MM/YYYYY HH:MM:SS] debug1: kex: algorithm: (no match)[DD/MM/YYYYY HH:MM:SS] Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 -
Change Request
9114, 7346