Cannot connect to modern ssh servers because only legacy key exchanges are supported #53

Open
costi opened this issue Mar 18, 2021 · 0 comments


costi commented Mar 18, 2021

When trying to initiate a transfer with an Ubuntu 20.04 box it gives this error:

Caused by: java.io.IOException: Cannot negotiate, proposals do not match.
	at ch.ethz.ssh2.transport.KexManager.handleMessage(KexManager.java:340)
	at ch.ethz.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:571)
	at ch.ethz.ssh2.transport.TransportManager$1.run(TransportManager.java:338)
	at java.base/java.lang.Thread.run(Thread.java:834)

I enabled debug logging for the ssh server and I see this error:

Unable to negotiate with 127.0.0.1 port 59398: no matching key exchange method found. 
Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]

The current default key exchange algorithms are:

server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected]>

Updating the config on the ssh server to support the legacy KEX is not a good idea. The KEX supported by fdt are old and insecure.
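The following is an added example, not part of the original issue or of fdt's code: a triage of the sshd log line quoted above that re-runs the key exchange selection against a server list and flags why each offered method is considered legacy. The `SERVER_KEX` list is an assumption (the KexAlgorithms defaults of OpenSSH 8.2, the version Ubuntu 20.04 ships), the helper names are hypothetical, and the selection rule is a simplified form of RFC 4253 section 7.1.

```python
import re

# Assumption: default KexAlgorithms of OpenSSH 8.2 (Ubuntu 20.04).
# On a real host, read the live list with: sshd -T | grep -i kexalgorithms
SERVER_KEX = [
    "curve25519-sha256", "curve25519-sha256@libssh.org",
    "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
    "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512",
    "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256",
]

# The sshd log entry quoted in the issue, joined onto one line.
LOG = ("Unable to negotiate with 127.0.0.1 port 59398: no matching key exchange "
       "method found. Their offer: diffie-hellman-group-exchange-sha1,"
       "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]")

OFFER_RE = re.compile(
    r"Unable to negotiate with (?P<peer>\S+) port (?P<port>\d+): "
    r"no matching key exchange method found\.\s+Their offer: (?P<offer>\S+)")

def parse_offer(line):
    """Return (peer, port, [offered kex names]) or None if the line does not match."""
    m = OFFER_RE.search(line)
    return (m["peer"], int(m["port"]), m["offer"].split(",")) if m else None

def negotiate(client, server):
    """Simplified RFC 4253 s7.1 rule: first client method the server also lists."""
    return next((alg for alg in client if alg in server), None)

def weaknesses(alg):
    """Reasons a kex method name counts as legacy; empty list if none apply."""
    reasons = []
    if alg.endswith("-sha1"):
        reasons.append("SHA-1 exchange hash")
    if alg.startswith("diffie-hellman-group1-"):
        reasons.append("fixed 1024-bit group")
    return reasons

def triage(line, server=SERVER_KEX):
    """Summarise one failed negotiation: who connected, what would be agreed, what is weak."""
    parsed = parse_offer(line)
    if parsed is None:
        return None
    peer, port, offer = parsed
    weak = {alg: weaknesses(alg) for alg in offer if weaknesses(alg)}
    return {"peer": peer, "port": port,
            "agreed": negotiate(offer, server), "weak": weak}
```

For the line from the issue, `triage(LOG)` reports no agreed method and marks all three offered methods as weak, which matches the failure on both ends.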
