Terminal connection to device fails as Key Exchange Algorithm available/configured on device not supported.
search cancel

Terminal connection to device fails as Key Exchange Algorithm available/configured on device not supported.

book

Article ID: 319860

calendar_today

Updated On: 02-26-2025

Products

VMware Smart Assurance

Issue/Introduction

While trying to discover a device /pull config on device/test Credentials of a device with OpenSSH 7.4 or 8.3, later versions; NCM gives error unable to connect to the device. The same device is accessible from NCM server via SSH with same credentials.

Below are the entries in autodisc or commmgr log files:

-----------------------------
Jan 18 11:23:52 :-248285440/#.#.#.##6: Term: Looking up host "#.#.#.#" (IPv4)
Jan 18 11:23:52 :-248285440/#.#.#.##6: Term: Connecting to #.#.#.# port 22
Jan 18 11:23:52 :-248285440/#.#.#.##6: Term: Server version: SSH-2.0-OpenSSH_8.3
Jan 18 11:23:52 :-248285440/#.#.#.##6: Term: We claim version: SSH-2.0-PuTTY_Local:_Jan_15_2019_03:45:56
Jan 18 11:23:52 :-248285440/#.#.#.##6: Term: Using SSH protocol version 2
Jan 18 11:23:52 :-248285440/#.#.#.##6: Term: Couldn't agree a key exchange algorithm (available: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256)
-----------------------------
Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: Connecting to #.#.#.# port 22
Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: Server version: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: We claim version: SSH-2.0-PuTTY_Local:_Jan_15_2019_03:45:56
Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: Using SSH protocol version 2
Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: Couldn't agree a key exchange algorithm (available: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256)
Jan 28 12:32:05 489895680/testCredentials(22344)#1: ssh_connect(): #.#.#.# - Remote device connection failed; check credentials
-----------------------------

Environment

NCM - 10.1.x

Resolution

Latest NCM 10.1.13 version as of April 2024 has putty version 0.68 which does not support Key exchange algorithm diffie-hellman-group14-sha256.

Supported KEX in NCM 10.1.13 via CLI & OpenSSH 6.9 has been validated as supported:

[<USERNAME>@<HOSTNAME> ~]# strings /opt/smarts-ncm/bin/autodiscd | grep diffie-hellman
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group-exchange-sha1


Key exchange algorithm diffie-hellman-group14-sha256 is supported from putty version 0.74.
Workaround is to download OpenSSH in device or wait for Enhancement request to be approved and updated putty available in newer release of NCM which is planned to release on March or April 2025.

Additional Information



Powered by Wolken Software