What does it mean?
This error means that the client and server couldn't agree on an algorithm for key exchange, encryption, or MAC integrity checking. During an initial SSH SFTP connection, each side of the connection sends a list of supported algorithms. There has to be at least one match in each category between the client and server for the connection to proceed. If you receive this message then that means there was no shared algorithm in at least one of key exchange, encryption, or MAC integrity checking.
How do I find the algorithms?
The Cerberus log prints out the reason the key exchange failed and the algorithms presented from the server and the client during the connection attempt.
No common C2S mac: [S: hmac-ripemd160@openssh.com,]
[C: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com]
No common S2C mac: [S: hmac-ripemd160@openssh.com,]
[C: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com]
Key exchange failed: Could not agree on key exchange parameters
Log example
How do I correct this?
You can enable the necessary SSH ciphers from the SSH SFTP dialog. The Advanced Security dialog is accessible from the Protocols page of the Server Manager.
Comments
0 comments
Please sign in to leave a comment.