1009 views

SSH Credential authentication fails with error "no suitable key exchange algorithm was agreed"

Problem


Customer ran a discovery of a Linux server using configured SSH Credentials. Discovery fails and upon enabling mid.ssh.debug MID Server debug parameter, the following error message is logged in the MID Server agent.log log:

SSH authentication or connection failure --> No suitable key exchange algorithm could be agreed.

Cause


During SSH authentication, the server provides its public host key, which the client can use to check whether this was the intended host. During this phase, the server and client negotiate a session key using a version of the Diffie-Hellman algorithm. The key exchange method specifies how one-time session keys are generated for encryption and for authentication, and how the server authentication is done. As per the SSH specification RFC 4253 diffie-hellman-group1-sha1 is a required exchange method, therefore the server must accept it. 

Resolution


Enable diffie-hellman-group1-sha1 on the target server:

  1. Open the file: ~/.ssh/config
  2. Add the following line:

KexAlgorithms +diffie-hellman-group1-sha1

For further information, please check your server's ssh config documentation: man 5 ssh_config

Article Information

Last Updated:2017-05-12 10:01:11
Published:2017-05-12