≡ Menu

Howto resolve Algorithm negotiation failed issue on SSH

OpenSSH

 
While performing ssh from a local-host to a remote-host that are on different versions of ssh, it is possible that you may get “Algorithm negotiation failed” message.  In this post, I’ll explain how to resolve this issue from the ssh client.

 
1. Unable to ssh to remote-host: In this example, when trying to perform ssh from local-host to remote-host, we get the “Algorithm negotiation failed” error message as shown below. Please note that the local-host is running ssh2 client.

[local-host]$ ssh -l jsmith remote-host
warning: Authentication failed.
Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).

[local-host]$ ssh -V
ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu
[local-host]$ ls -l /usr/local/bin/ssh
lrwxrwxrwx  1 root root 4 Mar 10 22:04 /usr/local/bin/ssh -> ssh2

 
2. Get more debug information about the error message from SSH. Pass -v parameter to the ssh client to view additional debug information, which will help to troubleshoot this problem further as shown below.

[local-host]$ ssh -v -l jsmith remote-host
debug: SshConfig/sshconfig.c:2838/ssh2_parse_config_ext: Metaconfig parsing stopped at line 3.
debug: SshConfig/sshconfig.c:637/ssh_config_set_param_verbose: Setting variable 'VerboseMode' to 'FALSE'.
debug: SshConfig/sshconfig.c:3130/ssh_config_read_file_ext: Read 17 params from config file.
debug: Ssh2/ssh2.c:1707/main: User config file not found, using defaults. (Looked for '/home/jsmith/.ssh2/ssh2_config')
debug: Connecting to 192.168.101.107, port 22... (SOCKS not used)
debug: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version: SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)
debug: client supports 2 auth methods: 'publickey,password'
debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip = 192.168.1.2, local port = 59514
debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip = 192.168.1.3, remote port = 22
debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
debug: SshReadLine/sshreadline.c:2427/ssh_readline_eloop_initialize: Initializing ReadLine...
debug: Remote version: SSH-2.0-OpenSSH_5.0
debug: OpenSSH: Major: 5 Minor: 0 Revision: 0
debug: Ssh2Transport/trcommon.c:973/ssh_tr_input_version: All versions of OpenSSH handle kex guesses incorrectly.
debug: Ssh2Transport/trcommon.c:1116/ssh_tr_negotiate_one_alg: Algorithm negotiation failed for c_to_s_compr: client list: zlib vs. server list : none,zlib@openssh.com
debug: Ssh2Transport/trcommon.c:1116/ssh_tr_negotiate_one_alg: Algorithm negotiation failed for s_to_c_compr: client list: zlib vs. server list : none,zlib@openssh.com
debug: Ssh2Transport/trcommon.c:1367/ssh_tr_negotiate: lang s to c: `', lang c to s: `'
debug: Ssh2Common/sshcommon.c:169/ssh_common_disconnect: DISCONNECT received: Algorithm negotiation failed.
debug: SshReadLine/sshreadline.c:2485/ssh_readline_eloop_uninitialize: Uninitializing ReadLine...
warning: Authentication failed.
Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.).
debug: Ssh2Common/sshcommon.c:662/ssh_common_destroy: Destroying SshCommon object.
debug: SshConnection/sshconn.c:1997/ssh_conn_destroy: Destroying SshConn object.

Based on this debug information message shown in the debug message: “Algorithm negotiation failed for s_to_c_compr: client list: zlib vs. server list : none,zlib@openssh.com“, it is very clear that the client (local-host) is using the zlib compression and the server (remote-host) is not using zlib.

 
3. Resolve the problem by connecting to remote-host SSH without compression. Pass the -o “Compression no” to the ssh client to resolve the problem, as shown below.

[local-host]$ ssh -o "Compression no" -l jsmith remote-host
jsmith@remote-host's password:
Last login: Wed Jun 25 17:06:31 2008 from 192.168.1.2

[remote-host]$ ssh -V
OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007

Now that you are connected without any issues after passing the -o “Compression no” parameter to the ssh client, you can notice that the remote-host is using openSSH which is different than the ssh that was running on the local-host, which was the reason for the algorithm negotiation failed issue.

Add your comment

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

Comments on this entry are closed.

  • Peter Quinn July 2, 2008, 11:58 pm

    Hi. I am a long time reader. I wanted to say that I like your blog and the layout.

    Peter Quinn

  • paresh July 7, 2008, 6:17 am

    great guide.

  • A.R.M. January 23, 2010, 1:27 am

    Thanks a lot! This was a big help. I couldn’t connect to a server through SSH on MacSSH PPC for Mac OS 9; seems as if MacSSH PPC turns zlib compression on by default.

  • maryam April 28, 2015, 11:57 pm

    Disconnection
    server responded “Algorithm negotiation failed”
    Key exchange with the remote host failed. This can happen for example if the remote host comuter does not supprt the selected algorithms.

  • Rafael September 7, 2015, 5:21 pm

    If you trust in your server network, you can put in:

    /etc/ssh/sshd_config

    Ciphers aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour
    KexAlgorithms diffie-hellman-group1-sha1

    It worked for me using the ‘SSH Secure Shell’.