While performing ssh from a local-host to a remote-host that are on different versions of ssh, it is possible that you may get “Algorithm negotiation failed” message. In this post, I’ll explain how to resolve this issue from the ssh client.
1. Unable to ssh to remote-host: In this example, when trying to perform ssh from local-host to remote-host, we get the “Algorithm negotiation failed” error message as shown below. Please note that the local-host is running ssh2 client.
[local-host]$ ssh -l jsmith remote-host warning: Authentication failed. Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.). [local-host]$ ssh -V ssh: SSH Secure Shell 220.127.116.11 (non-commercial version) on i686-pc-linux-gnu [local-host]$ ls -l /usr/local/bin/ssh lrwxrwxrwx 1 root root 4 Mar 10 22:04 /usr/local/bin/ssh -> ssh2
2. Get more debug information about the error message from SSH. Pass -v parameter to the ssh client to view additional debug information, which will help to troubleshoot this problem further as shown below.
[local-host]$ ssh -v -l jsmith remote-host debug: SshConfig/sshconfig.c:2838/ssh2_parse_config_ext: Metaconfig parsing stopped at line 3. debug: SshConfig/sshconfig.c:637/ssh_config_set_param_verbose: Setting variable 'VerboseMode' to 'FALSE'. debug: SshConfig/sshconfig.c:3130/ssh_config_read_file_ext: Read 17 params from config file. debug: Ssh2/ssh2.c:1707/main: User config file not found, using defaults. (Looked for '/home/jsmith/.ssh2/ssh2_config') debug: Connecting to 192.168.101.107, port 22... (SOCKS not used) debug: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version: SSH-1.99-18.104.22.168 SSH Secure Shell (non-commercial) debug: client supports 2 auth methods: 'publickey,password' debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip = 192.168.1.2, local port = 59514 debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip = 192.168.1.3, remote port = 22 debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping... debug: SshReadLine/sshreadline.c:2427/ssh_readline_eloop_initialize: Initializing ReadLine... debug: Remote version: SSH-2.0-OpenSSH_5.0 debug: OpenSSH: Major: 5 Minor: 0 Revision: 0 debug: Ssh2Transport/trcommon.c:973/ssh_tr_input_version: All versions of OpenSSH handle kex guesses incorrectly. debug: Ssh2Transport/trcommon.c:1116/ssh_tr_negotiate_one_alg: Algorithm negotiation failed for c_to_s_compr: client list: zlib vs. server list : none,firstname.lastname@example.org debug: Ssh2Transport/trcommon.c:1116/ssh_tr_negotiate_one_alg: Algorithm negotiation failed for s_to_c_compr: client list: zlib vs. server list : none,email@example.com debug: Ssh2Transport/trcommon.c:1367/ssh_tr_negotiate: lang s to c: `', lang c to s: `' debug: Ssh2Common/sshcommon.c:169/ssh_common_disconnect: DISCONNECT received: Algorithm negotiation failed. debug: SshReadLine/sshreadline.c:2485/ssh_readline_eloop_uninitialize: Uninitializing ReadLine... warning: Authentication failed. Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.). debug: Ssh2Common/sshcommon.c:662/ssh_common_destroy: Destroying SshCommon object. debug: SshConnection/sshconn.c:1997/ssh_conn_destroy: Destroying SshConn object.
Based on this debug information message shown in the debug message: “Algorithm negotiation failed for s_to_c_compr: client list: zlib vs. server list : none,firstname.lastname@example.org“, it is very clear that the client (local-host) is using the zlib compression and the server (remote-host) is not using zlib.
3. Resolve the problem by connecting to remote-host SSH without compression. Pass the -o “Compression no” to the ssh client to resolve the problem, as shown below.
[local-host]$ ssh -o "Compression no" -l jsmith remote-host jsmith@remote-host's password: Last login: Wed Jun 25 17:06:31 2008 from 192.168.1.2 [remote-host]$ ssh -V OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007
Now that you are connected without any issues after passing the -o “Compression no” parameter to the ssh client, you can notice that the remote-host is using openSSH which is different than the ssh that was running on the local-host, which was the reason for the algorithm negotiation failed issue.