Debian 8 jessie, OpenSSH ssh connection server responded Algorithm negotiation failed, opensshresponded

Source: Internet
Author: User
Tags hmac ssh secure shell

Debian 8 jessie, OpenSSH ssh connection server responded Algorithm negotiation failed, opensshresponded

 

After debian 8.5 is installed, a problem occurs.

 

Root @ debian8 :~ # Lsb_release-
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.5 (jessie)
Release: 8.5
Codename: jessie
Root @ debian8 :~ # Uname-
Linux debian8 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 () x86_64 GNU/Linux
Root @ debian8 :~ #

Ssh connection failed

 

See:

Http://bbs.chinaunix.net/thread-4160457-2-1.html

This article is still unsuccessful.

 

"

Update sshto the latest version of openssh-6.7p1.tar. Then the problem arises. The ssh client cannot be connected. putty can. SecureCRT 7.1 can be 5.1 and cannot be connected again. Check whether the encryption protocol is correct, but I won't. Ask you

The image is down in the day, and the text is manually uploaded.

Crt5.1 connection prompt: connection to session 1.1.1.1 failed:
Key Exchange failed.
No compatible encryption program. The server supports these encryption programs:
Aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-

Gcm@openssh.com, chacha20-poly1305@openssh.com

Ssh client prompt: Server responded "Algorithm negotiation failed"
Key exchange with the remote host failed. This can happen
Example computer does not support the selected algorthms.

 

 

-------------------------------------------

 

The problem has been solved. Modify the ssh configuration file/etc/ssh/sshd_config.

Add the following in the configuration file:

Ciphers aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, 3des-cbc, arcfour128, arcfour256, arcfour, blowfish-cbc, cast128-cbc

MACs hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-sha1-96, hmac-md5-96

KexAlgorithms diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group1-sha1

After the sshd service is restarted, the connection can be established normally.

Ps: the cause of this problem is that some original encryption algorithms are not used by default for security purposes after the ssh upgrade. We can add them manually.

 

"




Continue

Root @ debian8 :~ # Cat/etc/ssh/sshd_config

.

Found

Default

# PermitRootLogin without-password does not require a password.

Change
PermitRootLogin yes

You can use the root user to log on, otherwise the root user will fail because ssh uses the root user by default.

If you use another user, you can log on successfully.

Or use

Putty instead of using SSH secure shell to log on.

It can also be successful.

 

In addition

Add/etc/ssh/sshd_config

Ciphers aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, 3des-cbc, arcfour128, arcfour256, arcfour, blowfish-cbc, cast128-cbc
MACs hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-sha1-96, hmac-md5-96
KexAlgorithms diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group1-sha1

In this case, it is easy to write errors because it cannot be copied.

Correct steps:

1. Log On With a putty non-root user,

2. nano/etc/ssh/sshd_config

Ciphers before copy... text ..

3. Restart the ssh service.

Root @ debian8 :~ # Service ssh restart

4. Check whether ssh is enabled.

Root @ debian8 :~ # Ps aux | grep ssh
Root 2640 0.0 1.2 95440 6244? Ss sshd: root @ pts/0
Root 5321 0.0 1.3 95440 6520? Ss sshd: root @ pts/2
Root 12265 0.0 1.2 95356 6476? Ss sshd: root @ pts/1
Root 12283 0.0 0.3 12704 1976? Ss/usr/lib/openssh/sftp-server
Root 12307 0.0 1.0 55184 5428? Ss/usr/sbin/sshd-D
Root 12310 0.0 0.4 12728 2200 pts/1 S + grep ssh
Root @ debian8 :~ #

If/etc/ssh/sshd_config is wrong, ssh cannot be started.

 

5. Check whether the SSH secure shell can be connected.

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.