java.lang.IllegalStateException: Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ecdh-sha2-nistp521 / server: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)

Apache's JIRA Issue Tracker | Damjan Jovanovic | 8 months ago
  1.

    On a fresh install of CentOS 7 with OpenJDK 1.8, running karaf container versions > 4.0.2 either with "bin/karaf" or as a service (whether sysvinit or systemd), trying to log in with "bin/client" always fails with an exception. Oracle JDK - by comparison - works.

    "git bisect" narrowed down the regression to the following commit:

    539540cde099aee52fd523a09aca92e36522261c is the first bad commit
    commit 539540cde099aee52fd523a09aca92e36522261c
    Author: Freeman Fang <freeman.fang@gmail.com>
    Date: Wed Oct 14 12:09:09 2015 +0800

        [KARAF-4062]Karaf client does now work after installing BouncyCastle

    :040000 040000 926f15997510a671ff77db9623f8b65ce4186706 da83c22e043de3004a620f1cc88e25ee672bd09d M client

    The exception is:

    # bin/client
    Logging in as karaf
    3771 [sshd-SshClient[593634ad]-nio2-thread-2] WARN org.apache.sshd.client.session.ClientSessionImpl - Exception caught
    java.lang.IllegalStateException: Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ecdh-sha2-nistp521 / server: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)
        at org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1159)
        at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:388)
        at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)
        at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:306)
        at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)
        at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)
        at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
        at sun.nio.ch.Invoker$2.run(Invoker.java:218)
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
    Authentication failed

    Apache's JIRA Issue Tracker | 8 months ago | Damjan Jovanovic
    java.lang.IllegalStateException: Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ecdh-sha2-nistp521 / server: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)
  2.

    Unable to clone repository from gitbucket using git clone ssh://... : Unable to negotiate key exchange for server host key algorithms

    GitHub | 5 months ago | axb21
    java.lang.IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa / server: ssh-dss)
  3.

    How to use kie-workbench with eclipse.

    Google Groups | 4 weeks ago | Domengie Jean
    java.lang.IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ssh-ed2551...@openssh.com,ssh-rsa-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa / server: ssh-dss)
  5.

    It seems that Fedora 23 has deprecated {{ssh-dss}} security in its default configuration for {{ssh}} client. That encoding is the one used by default by Karaf.

    This is the error a user sees when he tries to connect:

    {code}
    ssh -l admin -p 8101 localhost
    Unable to negotiate with 127.0.0.1: no matching host key type found. Their offer: ssh-dss
    {code}

    And this is the exception logged:

    {code}
    15:32:08,119 | INFO | 5]-nio2-thread-1 | ServerSession | 124 - org.apache.sshd.core - 0.14.0 | Server session created from /127.0.0.1:58832
    15:32:08,123 | INFO | 5]-nio2-thread-1 | SimpleGeneratorHostKeyProvider | 124 - org.apache.sshd.core - 0.14.0 | Generating host key...
    15:32:08,703 | WARN | 5]-nio2-thread-1 | ServerSession | 124 - org.apache.sshd.core - 0.14.0 | Exception caught
    java.lang.IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-rsa-cert-v01@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 / server: ssh-dss)
        at org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1159)[124:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:388)[124:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)[124:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)[124:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)[124:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
        at java.security.AccessController.doPrivileged(Native Method)[:1.7.0_76]
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[124:org.apache.sshd.core:0.14.0]
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_76]
        at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.7.0_76]
        at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.7.0_76]
        at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:275)[:1.7.0_76]
        at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:296)[:1.7.0_76]
        at java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:407)[:1.7.0_76]
        at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:170)[124:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:135)[124:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:120)[124:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
        at java.security.AccessController.doPrivileged(Native Method)[:1.7.0_76]
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[124:org.apache.sshd.core:0.14.0]
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_76]
        at sun.nio.ch.Invoker$2.run(Invoker.java:218)[:1.7.0_76]
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)[:1.7.0_76]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)[:1.7.0_76]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)[:1.7.0_76]
        at java.lang.Thread.run(Thread.java:745)[:1.7.0_76]
    {code}

    An immediate workaround is to alter the configuration of {{ssh}} client to accept that security configuration:

    {code}
    ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PreferredAuthentications=password -oHostKeyAlgorithms=+ssh-dss -l admin -p 8101 localhost
    {code}

    As a longer term solution we should start considering moving away from {{ssh-dss}} since according to http://www.openssh.com/legacy.html it's considered insecure, thus deprecated:

    > OpenSSH 7.0 and greater similarly disables the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use.

    JBoss Issue Tracker | 1 year ago | Paolo Antinori
    java.lang.IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-rsa-cert-v01@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 / server: ssh-dss)
  6.

    ssh missing cyphers or something

    mina-users | 8 months ago | Benson Margulies
    java.lang.IllegalStateException: Unable to negotiate key exchange for encryption algorithms (client to server) (client: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se / server: )

    Root Cause Analysis

    1. java.lang.IllegalStateException

      Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ecdh-sha2-nistp521 / server: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1)

      at org.apache.sshd.common.session.AbstractSession.negotiate()
    2. Apache Mina SSHD :: Core
      Nio2CompletionHandler$1.run
      1. org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1159)
      2. org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:388)
      3. org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)
      4. org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:306)
      5. org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)
      6. org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)
      7. org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
      8. org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)
      9. org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)
      10. org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
      10 frames
    3. Java RT
      AccessController.doPrivileged
      1. java.security.AccessController.doPrivileged(Native Method)
      1 frame
    4. Apache Mina SSHD :: Core
      Nio2CompletionHandler.completed
      1. org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
      1 frame
    5. Java RT
      Thread.run
      1. sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
      2. sun.nio.ch.Invoker$2.run(Invoker.java:218)
      3. sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
      4. java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      5. java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      6. java.lang.Thread.run(Thread.java:745)
      6 frames