SSH/SCP connection error: Couldn't agree a key exchange algorithm on ESXi or vCenter

search cancel

SSH/SCP connection error: Couldn't agree a key exchange algorithm on ESXi or vCenter

book

Article ID: 326844

calendar_today

Updated On:

Products

VMware vSphere ESX 8.x VMware vCenter Server 8.0 VMware vCenter Server

Issue/Introduction

The following error message appears when attempting to connect:

Couldn't agree a key exchange algorithm (available: ecdh-sha2-n###256,ecdh-sha2-n###384,ecdh-sha2-n###521, diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,)

Environment

VMware vSphere ESX 8.x
VMware vCenter Server 8.x

Cause

This is expected behavior when using older versions of PuTTY, WinSCP, or other SSH clients that do not support the high-strength key exchange algorithms required by the ESXi or vCenter Server security configuration.

Resolution

To resolve this issue, perform the following steps:

Upgrade Client Software: Download and install the latest versions of your connection tools:
- PuTTY Download Page
- WinSCP Download Page
Test Alternate Hardware: Attempt the connection from a different computer or laptop to rule out local configuration issues.
Address SFTP Packet Size Errors: If you receive a "Received too large SFTP packet" error after upgrading WinSCP, refer to KB 326317.

Feedback

thumb_up Yes

thumb_down No