When CBC ciphers for the Symantec Messaging Gateway (SMG) appliance are diabled via the sshd-config -c off command, attempting to connect to the command line interface (CLI) via the PuTTY ssh client results in an error message.
Couldn't agree a client-to-server cipher (available: arcfour)
PuTTY does not support the arcfour (RC4) cipher, only arcfour128 and arcfour256, so the client and server cannot agree on an encryption cipher to secure the communication.
This issue has been addressed in Symantec Messaging Gateway version 10.0.1-2.
For versions prior to 10.0.1-2 there is no workaround for this issue that does not include using the less secure SSHv1 protocol.
The OpenSSH client used by various Linux distributions and Cygwin is able to negotiate a secure connection but, for now, the PuTTY ssh client is incompatible with SMG running with CBC ciphers disabled. Please note that an ssh client that supports the basic arcfour cipher (arcfour) should be able to connect to SMG.
Imported Document ID: TECH190336
Subscribing will provide email updates when this Article is updated. Login is required.