java.lang.IllegalStateException: Unable to negotiate key exchange for encryption algorithms (client to server) (client: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se / server: )

mina-users | Benson Margulies | 8 months ago
  1. 0

    ssh missing cyphers or something

    mina-users | 8 months ago | Benson Margulies
    java.lang.IllegalStateException: Unable to negotiate key exchange for encryption algorithms (client to server) (client: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se / server: )
  2. 0

    ssh missing cyphers or something

    mina-users | 8 months ago | Benson Margulies
    java.lang.IllegalStateException: Unable to negotiate key exchange for encryption algorithms (client to server) (client: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se / server: )
  3. 0

    ssh missing cyphers or something

    mina-users | 8 months ago | Benson Margulies
    java.lang.IllegalStateException: Unable to negotiate key exchange for encryption algorithms (client to server) (client: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se / server: )
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    ssh missing cyphers or something

    mina-users | 8 months ago | Benson Margulies
    java.lang.IllegalStateException: Unable to negotiate key exchange for encryption algorithms (client to server) (client: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se / server: )
  6. 0

    It seems that Fedora 23 has deprecated {{ssh-dss}} security in its default configuration for {{ssh}} client. That encoding is the one used by default by Karaf. This is the error a user sees when he tries to connect; {code} ssh -l admin -p 8101 localhost Unable to negotiate with 127.0.0.1: no matching host key type found. Their offer: ssh-dss {code} And this is the exception logged: {code} 15:32:08,119 | INFO | 5]-nio2-thread-1 | ServerSession | 124 - org.apache.sshd.core - 0.14.0 | Server session created from /127.0.0.1:58832 15:32:08,123 | INFO | 5]-nio2-thread-1 | SimpleGeneratorHostKeyProvider | 124 - org.apache.sshd.core - 0.14.0 | Generating host key... 15:32:08,703 | WARN | 5]-nio2-thread-1 | ServerSession | 124 - org.apache.sshd.core - 0.14.0 | Exception caught java.lang.IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-rsa-cert-v01@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 / server: ssh-dss) at org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1159)[124:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:388)[124:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)[124:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)[124:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)[124:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32) at java.security.AccessController.doPrivileged(Native Method)[:1.7.0_76] at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[124:org.apache.sshd.core:0.14.0] at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_76] at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.7.0_76] at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.7.0_76] at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:275)[:1.7.0_76] at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:296)[:1.7.0_76] at java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:407)[:1.7.0_76] at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:170)[124:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:135)[124:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:120)[124:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32) at java.security.AccessController.doPrivileged(Native Method)[:1.7.0_76] at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[124:org.apache.sshd.core:0.14.0] at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_76] at sun.nio.ch.Invoker$2.run(Invoker.java:218)[:1.7.0_76] at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)[:1.7.0_76] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)[:1.7.0_76] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)[:1.7.0_76] at java.lang.Thread.run(Thread.java:745)[:1.7.0_76] {code} An immediate workaround is to alter the configuration of {{ssh}} client to accept that security configuration: {code} ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PreferredAuthentications=password -oHostKeyAlgorithms=+ssh-dss -l admin -p 8101 localhost {code} As a longer term solution we shuold start considering moving away from {{ssh-dss}} since according to http://www.openssh.com/legacy.html it's considered insecure, thus deprecated: > OpenSSH 7.0 and greater similarly disables the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use.

    JBoss Issue Tracker | 1 year ago | Paolo Antinori
    java.lang.IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-rsa-cert-v01@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 / server: ssh-dss)

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. java.lang.IllegalStateException

      Unable to negotiate key exchange for encryption algorithms (client to server) (client: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se / server: )

      at org.apache.sshd.common.session.AbstractSession.negotiate()
    2. Apache Mina SSHD :: Core
      Nio2CompletionHandler$1.run
      1. org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1159)[5:org.apache.sshd.core:0.14.0]
      2. org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:388)[5:org.apache.sshd.core:0.14.0]
      3. org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)[5:org.apache.sshd.core:0.14.0]
      4. org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)[5:org.apache.sshd.core:0.14.0]
      5. org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)[5:org.apache.sshd.core:0.14.0]
      6. org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)[5:org.apache.sshd.core:0.14.0]
      7. org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)[5:org.apache.sshd.core:0.14.0]
      8. org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)[5:org.apache.sshd.core:0.14.0]
      9. org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
      9 frames