[Info-vax] VMS SSH2 - tcpip$ssh_ssh-keygen2.exe (Couldn't agree on kex or hostkey alg)

Jim mckinneyj at leidos.com
Wed May 24 14:26:16 EDT 2023 

On Wednesday, May 24, 2023 at 10:39:08 AM UTC-4, HCorte wrote:
> Trying to connect to another machine using ssh but failing with error of: 
> 
> debug(24-MAY-2023 12:20:30.82): Remote version: SSH-2.0-OpenSSH_8.0 
> debug(24-MAY-2023 12:20:30.84): OpenSSH: Major: 8 Minor: 0 Revision: 0 
> debug(24-MAY-2023 12:20:30.84): Ssh2Transport/TRCOMMON.C:1825: All versions of OpenSSH handle kex guesses incorrectly. 
> debug(24-MAY-2023 12:20:30.84): Ssh2Transport/TRCOMMON.C:1113: Sending packet with type 2 to connection 
> debug(24-MAY-2023 12:20:30.84): Ssh2Transport/TRCOMMON.C:1113: Sending packet with type 20 to connection 
> debug(24-MAY-2023 12:20:30.84): Ssh2Transport/TRCOMMON.C:2756: >TR packet_type=20 
> debug(24-MAY-2023 12:20:30.84): Ssh2Transport/TRCOMMON.C:2318: lang s to c: `', lang c to s: `' 
> debug(24-MAY-2023 12:20:30.84): Ssh2Transport/TRCOMMON.C:2334: Couldn't agree on kex or hostkey alg. (chosen_kex = NULL, chosen_host 
> _key = ssh-rsa) 
> debug(24-MAY-2023 12:20:30.84): Ssh2Transport/TRCOMMON.C:1113: Sending packet with type 2 to connection 
> debug(24-MAY-2023 12:20:30.85): Ssh2Transport/TRCOMMON.C:1113: Sending packet with type 1 to connection 
> debug(24-MAY-2023 12:20:30.85): Ssh2Common/SSHCOMMON.C:180: DISCONNECT received: Algorithm negotiation failed. 
> debug(24-MAY-2023 12:20:30.85): SshReadLine/SSHREADLINE.C:3728: Uninitializing ReadLine... 
> warning: Authentication failed. 
> debug(24-MAY-2023 12:20:30.85): Ssh2/SSH2.C:327: locally_generated = TRUE 
> Disconnected; key exchange or algorithm negotiation failed (Algorithm negotiation failed.). 
> 
> 
> ssh username at hostname -v 
> 
> what are the correct format for options in OpenVMS for the image tcpip$ssh_ssh-keygen2.exe?? 
> 
> the equivalent of unix command: 
> ssh -o "KexAlgorithms diffie-hellman-group1-sha1" -o "HostKeyAlgorithms ssh-dss" -o "Ciphers aes256-cbc" -i chaveprivada username at hostname 
> 
> also tried to change in the unix server to change sshd_config and added: 
> ciphers aes128-ctr,aes192-ctr,aes256-ctr,chacha20... at openssh.com,aes256-cbc 
> KexAlgorithms curve255... at libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
> macs hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-sha1 
> 
> as well hostkeyalgorithms ssh-dss 
> 
> but still fails with the error: 
> All versions of OpenSSH handle kex guesses incorrectly 
> Couldn't agree on kex or hostkey alg. (chosen_kex = NULL, chosen_host 
> _key = ssh-rsa 
> 
> here its confusing for me since if its been added "KexAlgorithms diffie-hellman-group1-sha1" in sshd_config of the unix system so OpenVMS should have stoped complaining about the KexAlgorithm... 
> 
> this attemp of changing sshd_config isn't a good option for security reasons but was to test if at least would fix in short term solution... 
> 
> Thanks

You might try doubling that v argument ( -vv ) or maybe even tripling
it on the SSH command line to get a more verbose output and insure
that the client and server can be in agreement on the cipher and MAC
that will be used during the key exchange.

More information about the Info-vax mailing list