JSchException: Algorithm negotiation fail

Anonymous
2011-06-07
2013-05-28

  • Anonymous
    2011-06-07

    Hi,

    I am trying to connect to remote sftp server over ssh with JSch (0.1.44-1) but during "session.connect();" I am getting this exception:

    com.jcraft.jsch.JSchException: Algorithm negotiation fail
            at com.jcraft.jsch.Session.receive_kexinit(Session.java:529)
            at com.jcraft.jsch.Session.connect(Session.java:291)
            at com.jcraft.jsch.Session.connect(Session.java:154)

    Logs from JSch:

    INFO: Connecting to xx.xx.xx.xxport 22
    INFO: Connection established
    INFO: Remote version string: SSH-2.0-WeOnlyDo 2.0.6
    INFO: Local version string: SSH-2.0-JSCH-0.1.44
    INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
    INFO: aes256-ctr is not available.
    INFO: aes192-ctr is not available.
    INFO: aes256-cbc is not available.
    INFO: aes192-cbc is not available.
    INFO: arcfour256 is not available.
    INFO: SSH_MSG_KEXINIT sent
    INFO: SSH_MSG_KEXINIT received
    INFO: Disconnecting from xx.xx.xx.xx port 22

    I am able to log in to remote server with linux sftp command. I was trying to find any kind of clue in the internet but I failed. Any help would be greatly appreciated.

    Regards
    Marek Dominiak

     

  • Anonymous
    2011-06-07

    Debug output from sftp console:

    OpenSSH_5.5p1-DAM_1.2, OpenSSL 0.9.8r 8 Feb 2011
    debug1: Reading configuration data /etc/DAM/ssh/ssh_config
    debug1: Applying options for *
    debug1: Applying options for *.*
    debug1: Connecting to xx.xx.xx.xx  port 22.
    debug1: Connection established.
    debug1: identity file /**/spv_id_rsa.key type -1
    debug1: identity file /**/spv_id_rsa.key-cert type -1
    debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.0.6
    debug1: no match: WeOnlyDo 2.0.6
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.5p1-DAM_1.2
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes256-cbc hmac-md5 none
    debug1: kex: client->server aes256-cbc hmac-md5 none
    debug1: sending SSH2_MSG_KEXDH_INIT
    debug1: expecting SSH2_MSG_KEXDH_REPLY
    debug1: Host 'xx.xx.xx.xx' is known and matches the RSA host key.
    debug1: Found key in ~/.ssh/known_hosts:8
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /**/spv_id_rsa.key
    debug1: read PEM private key done: type RSA
    debug1: Authentication succeeded (publickey).
    debug1: channel 0: new
    debug1: Entering interactive session.
    debug1: Sending subsystem: sftp
    Connected to xx.xx.xx.xx.
    sftp>

     

  • Anonymous
    2011-06-07

    Ok the problem is solved, I have found that I the remote server had only these encryption options: .

    To enable aes256-cbc I had to apply  "Java Cryptography Extension (JCE)  Unlimited Strength Jurisdiction Policy Files" as it was written in http://www.jcraft.com/jsch/README.

    After this I can connect to remote server without problems.