When you ssh from a local-host to a remote-host that runs a different version of ssh, you may get an “Algorithm negotiation failed” message. In this post, I’ll explain how to resolve this issue from the ssh client.
1. Unable to ssh to remote-host. In this example, trying to ssh from local-host to remote-host produces the “Algorithm negotiation failed” error message shown below. Note that the local-host is running the ssh2 client.
[local-host]$ ssh -l jsmith remote-host
warning: Authentication failed.
Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).

[local-host]$ ssh -V
ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu

[local-host]$ ls -l /usr/local/bin/ssh
lrwxrwxrwx 1 root root 4 Mar 10 22:04 /usr/local/bin/ssh -> ssh2
2. Get more debug information about the error message from SSH. Pass the -v parameter to the ssh client to view additional debug information, which helps to troubleshoot the problem further, as shown below.
[local-host]$ ssh -v -l jsmith remote-host
debug: SshConfig/sshconfig.c:2838/ssh2_parse_config_ext: Metaconfig parsing stopped at line 3.
debug: SshConfig/sshconfig.c:637/ssh_config_set_param_verbose: Setting variable 'VerboseMode' to 'FALSE'.
debug: SshConfig/sshconfig.c:3130/ssh_config_read_file_ext: Read 17 params from config file.
debug: Ssh2/ssh2.c:1707/main: User config file not found, using defaults. (Looked for '/home/jsmith/.ssh2/ssh2_config')
debug: Connecting to 192.168.101.107, port 22... (SOCKS not used)
debug: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version: SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)
debug: client supports 2 auth methods: 'publickey,password'
debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip = 192.168.1.2, local port = 59514
debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip = 192.168.1.3, remote port = 22
debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
debug: SshReadLine/sshreadline.c:2427/ssh_readline_eloop_initialize: Initializing ReadLine...
debug: Remote version: SSH-2.0-OpenSSH_5.0
debug: OpenSSH: Major: 5 Minor: 0 Revision: 0
debug: Ssh2Transport/trcommon.c:973/ssh_tr_input_version: All versions of OpenSSH handle kex guesses incorrectly.
debug: Ssh2Transport/trcommon.c:1116/ssh_tr_negotiate_one_alg: Algorithm negotiation failed for c_to_s_compr: client list: zlib vs. server list : none,zlib@openssh.com
debug: Ssh2Transport/trcommon.c:1116/ssh_tr_negotiate_one_alg: Algorithm negotiation failed for s_to_c_compr: client list: zlib vs. server list : none,zlib@openssh.com
debug: Ssh2Transport/trcommon.c:1367/ssh_tr_negotiate: lang s to c: `', lang c to s: `'
debug: Ssh2Common/sshcommon.c:169/ssh_common_disconnect: DISCONNECT received: Algorithm negotiation failed.
debug: SshReadLine/sshreadline.c:2485/ssh_readline_eloop_uninitialize: Uninitializing ReadLine...
warning: Authentication failed.
Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).
debug: Ssh2Common/sshcommon.c:662/ssh_common_destroy: Destroying SshCommon object.
debug: SshConnection/sshconn.c:1997/ssh_conn_destroy: Destroying SshConn object.
The debug line “Algorithm negotiation failed for s_to_c_compr: client list: zlib vs. server list : none,zlib@openssh.com” shows the cause: the client (local-host) offers only zlib compression, while the server (remote-host) offers none and zlib@openssh.com but not zlib, so the two sides have no compression algorithm in common.
3. Resolve the problem by connecting to remote-host SSH without compression. Pass -o "Compression no" to the ssh client to resolve the problem, as shown below.
[local-host]$ ssh -o "Compression no" -l jsmith remote-host
jsmith@remote-host's password:
Last login: Wed Jun 25 17:06:31 2008 from 192.168.1.2

[remote-host]$ ssh -V
OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007
Now that you are connected without any issues after passing -o "Compression no" to the ssh client, you can see that the remote-host is running OpenSSH, which is different from the ssh running on the local-host. That difference was the reason for the algorithm negotiation failure.
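The check the debug output in step 2 invites can be automated. The following is an added example, not part of the original post or of either SSH product: it parses the "Algorithm negotiation failed for ..." lines and applies the RFC 4253 section 7.1 rule (the first name on the client's list that the server also lists). The function names are hypothetical, and it assumes that "Compression no" makes the client offer `none` for compression.

```python
import re

# Constructed sample: the two failure lines copied from the debug output in step 2.
SAMPLE_DEBUG = """\
debug: Ssh2Transport/trcommon.c:1116/ssh_tr_negotiate_one_alg: Algorithm negotiation failed for c_to_s_compr: client list: zlib vs. server list : none,zlib@openssh.com
debug: Ssh2Transport/trcommon.c:1116/ssh_tr_negotiate_one_alg: Algorithm negotiation failed for s_to_c_compr: client list: zlib vs. server list : none,zlib@openssh.com
"""

FAILED = re.compile(
    r"Algorithm negotiation failed for (?P<slot>\w+): "
    r"client list: (?P<client>\S+) vs\. server list\s*: (?P<server>\S+)"
)

def negotiate(client_list, server_list):
    """RFC 4253 7.1: pick the first client name that the server also offers."""
    offered = set(server_list)
    for name in client_list:
        if name in offered:
            return name
    return None  # no common algorithm: both sides must disconnect

def explain_failures(debug_text):
    """Return one finding per failed negotiation slot in ssh2 -v output."""
    findings = []
    for m in FAILED.finditer(debug_text):
        client = m.group("client").split(",")
        server = m.group("server").split(",")
        findings.append({
            "slot": m.group("slot"),
            "client": client,
            "server": server,
            "agreed": negotiate(client, server),
            # Names only the server offers: what the client would need to offer.
            "server_only": [n for n in server if n not in client],
        })
    return findings

if __name__ == "__main__":
    for f in explain_failures(SAMPLE_DEBUG):
        print(f"{f['slot']}: client={f['client']} server={f['server']} "
              f"agreed={f['agreed']} server_only={f['server_only']}")
    # Assumption: with "Compression no" the client's compression list is "none".
    print("with 'none' offered:", negotiate(["none"], ["none", "zlib@openssh.com"]))
```

The same approach works for any other slot that appears in a failed-negotiation line, because the selection rule is the same for every algorithm list that fails with "no common name".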
Hi. I am a long time reader. I wanted to say that I like your blog and the layout.
Peter Quinn
great guide.
Thanks a lot! This was a big help. I couldn’t connect to a server through SSH on MacSSH PPC for Mac OS 9; seems as if MacSSH PPC turns zlib compression on by default.
Disconnection
server responded “Algorithm negotiation failed”
Key exchange with the remote host failed. This can happen for example if the remote host computer does not support the selected algorithms.
If you trust in your server network, you can put in:
/etc/ssh/sshd_config
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour
KexAlgorithms diffie-hellman-group1-sha1
It worked for me using the ‘SSH Secure Shell’.