yujames
Staff
November 18, 2019

Technical Tip: Lost SSH Connection to Super Worker Collector after Upgrading to 5.2.5


Description

After upgrading to 5.2.5, /etc/ssh/sshd_config contains new SSH ciphers. Because of this, newer SSH clients that support the new ciphers are needed in order to connect.


Scope
FortiSIEM 5.2.5+

Solution

The new SSH Ciphers that we include in our system are:
#ciphers
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha2-256,hmac-sha2-512
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
 
Please find out if your client supports these ciphers. 
 
To verify the failure in connection:
1 - log in to the supervisor / worker / collector node of FortiSIEM locally
2 - cd /var/log/
3 - review the "secure" log
 
You will see error logs stating that no matching MAC or cipher was found:
 
Example log:
no matching mac found: client hmac-md5-96 server umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
 
Updating your SSH client will help to resolve this issue.
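
The log check described above, as an added example that is not part of the original tip: a shell script that pulls the "no matching mac/cipher found" lines out of sshd log text and compares each client offer with the Ciphers and MACs lists quoted on this page. The function names are hypothetical and the sample log lines (timestamps, host name, PIDs) are constructed.

```shell
#!/bin/sh
# Ciphers and MACs lists from the 5.2.5 sshd_config quoted on this page.
REQ_CIPHER="aes128-ctr,aes192-ctr,aes256-ctr"
REQ_MAC="hmac-sha2-256,hmac-sha2-512"

# common LIST_A LIST_B: print each algorithm of comma-separated LIST_A
# that also appears in comma-separated LIST_B, one per line.
common() {
    for a in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in *",$a,"*) printf '%s\n' "$a" ;; esac
    done
}

# failures: read sshd log lines on stdin and print "<kind> <client offer>"
# for every "no matching mac|cipher found" negotiation failure.
failures() {
    sed -n -E 's/.*no matching (mac|cipher) found: client ([^ ]+) server .*/\1 \2/p'
}

# report: for each failure, compare the client's offer with the 5.2.5 list.
report() {
    failures | while read -r kind offer; do
        case "$kind" in
            mac)    req=$REQ_MAC ;;
            cipher) req=$REQ_CIPHER ;;
        esac
        ok=$(common "$offer" "$req" | paste -sd, -)
        if [ -n "$ok" ]; then
            printf '%s: client already supports [%s]; check the server configuration\n' "$kind" "$ok"
        else
            printf '%s: client offers only [%s], needs one of [%s]\n' "$kind" "$offer" "$req"
        fi
    done
}

# Constructed sample lines (timestamps, host name and PIDs are made up).
SAMPLE='Nov 18 10:01:02 sup sshd[2101]: fatal: no matching mac found: client hmac-md5-96 server hmac-sha2-256,hmac-sha2-512
Nov 18 10:02:10 sup sshd[2130]: fatal: no matching cipher found: client aes128-cbc,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr
Nov 18 10:03:00 sup sshd[2140]: Accepted password for admin from 192.0.2.10 port 50522 ssh2'

printf '%s\n' "$SAMPLE" | report
```

To run it against the node's own log, replace the last line with `report < /var/log/secure`.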
 
Workaround:
1 - log in to the supervisor / worker / collector node of FortiSIEM locally
2 - open /etc/ssh/sshd_config in a text editor
3 - remove the following cipher settings:
#ciphers
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha2-256,hmac-sha2-512
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
 
NOTE: Removing the ciphers will put you at risk; please take this into account before making the modification.
 
4 - save the config
5 - service sshd restart
6 - attempt to SSH into the FortiSIEM node remotely.