Follow

AIX: Unsupported protocol sequence Error

In some cases clients using AIX to connect via SFTP may get a the error: Unsupported protocol sequence

To correct this use the following article from IBM:

https://www.ibm.com/support/pages/ibm-aix-ssh-connections-or-aix-fail-if-efs-enabled

Copy of the Article:

IBM AIX: ssh connections to or from AIX fail if EFS is enabled

 

Problem
If EFS is enabled, connecting to or from an AIX® system that uses ssh, sftp, or scp fails.  Connecting from AIX prints "Unsupported protocol sequence".

Symptom
With ssh verbose logging enabled, the connection fails soon after it prints the message "Sent ALLOW_PKCS12_KEYSTORE_CLIENT_FLAG packet".
With sshd debug logging enabled, the connection fails soon after it logs the message "Packet sent SSH_EFS_KEYSTORE_OPEN".

Cause
By default, when EFS is enabled on AIX, the AIX version of OpenSSH sends a request to the remote system for EFS support.  Most SSH implementations end the connection because they do not recognize this type of request.

Resolving The Problem
Add this option to the /etc/ssh/ssh_config file when AIX is the client or /etc/ssh/sshd_config when AIX is the server.

AllowPKCS12KeystoreAutoOpen no

If AIX is the server, sshd must be stopped and restarted with these commands.

stopsrc -s sshd
startsrc -s sshd