Debian 8 jessie, OpenSSH ssh connection server responded Algorithm negotiation failed, opensshresponded
After debian 8.5 is installed, a problem occurs.
Root @ debian8 :~ # Lsb_release-
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.5 (jessie)
Release: 8.5
Codename: jessie
Root @ debian8 :~ # Uname-
Linux debian8 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 () x86_64 GNU/Linux
Root @ debian8 :~ #
Ssh connection failed
See:
Http://bbs.chinaunix.net/thread-4160457-2-1.html
This article is still unsuccessful.
"
Update sshto the latest version of openssh-6.7p1.tar. Then the problem arises. The ssh client cannot be connected. putty can. SecureCRT 7.1 can be 5.1 and cannot be connected again. Check whether the encryption protocol is correct, but I won't. Ask you
The image is down in the day, and the text is manually uploaded.
Crt5.1 connection prompt: connection to session 1.1.1.1 failed:
Key Exchange failed.
No compatible encryption program. The server supports these encryption programs:
Aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-
Gcm@openssh.com, chacha20-poly1305@openssh.com
Ssh client prompt: Server responded "Algorithm negotiation failed"
Key exchange with the remote host failed. This can happen
Example computer does not support the selected algorthms.
-------------------------------------------
The problem has been solved. Modify the ssh configuration file/etc/ssh/sshd_config.
Add the following in the configuration file:
Ciphers aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, 3des-cbc, arcfour128, arcfour256, arcfour, blowfish-cbc, cast128-cbc
MACs hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-sha1-96, hmac-md5-96
KexAlgorithms diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group1-sha1
After the sshd service is restarted, the connection can be established normally.
Ps: the cause of this problem is that some original encryption algorithms are not used by default for security purposes after the ssh upgrade. We can add them manually.
"
Continue
Root @ debian8 :~ # Cat/etc/ssh/sshd_config
.
Found
Default
# PermitRootLogin without-password does not require a password.
Change
PermitRootLogin yes
You can use the root user to log on, otherwise the root user will fail because ssh uses the root user by default.
If you use another user, you can log on successfully.
Or use
Putty instead of using SSH secure shell to log on.
It can also be successful.
In addition
Add/etc/ssh/sshd_config
Ciphers aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, 3des-cbc, arcfour128, arcfour256, arcfour, blowfish-cbc, cast128-cbc
MACs hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-sha1-96, hmac-md5-96
KexAlgorithms diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group1-sha1
In this case, it is easy to write errors because it cannot be copied.
Correct steps:
1. Log On With a putty non-root user,
2. nano/etc/ssh/sshd_config
Ciphers before copy... text ..
3. Restart the ssh service.
Root @ debian8 :~ # Service ssh restart
4. Check whether ssh is enabled.
Root @ debian8 :~ # Ps aux | grep ssh
Root 2640 0.0 1.2 95440 6244? Ss sshd: root @ pts/0
Root 5321 0.0 1.3 95440 6520? Ss sshd: root @ pts/2
Root 12265 0.0 1.2 95356 6476? Ss sshd: root @ pts/1
Root 12283 0.0 0.3 12704 1976? Ss/usr/lib/openssh/sftp-server
Root 12307 0.0 1.0 55184 5428? Ss/usr/sbin/sshd-D
Root 12310 0.0 0.4 12728 2200 pts/1 S + grep ssh
Root @ debian8 :~ #
If/etc/ssh/sshd_config is wrong, ssh cannot be started.
5. Check whether the SSH secure shell can be connected.