SSH session failing with latest cygwin/openssh version 1.7.32(0.274/5/3)

SSH session failing with latest cygwin/openssh version 1.7.32(0.274/5/3)

[Prakash Babu]

SSH Server: I have installed cygwin 1.7.32 and configure sshd on my
windows host.
SSH Client  : I use jsch-0.1.51.jar (latest) as my ssh client

When I try to establish an ssh session I get the following failure message.
Exception Algorithm negotiation fail

The following is my ssh client and server logs with debug option enabled.
Has the OpenSSH server version shipped with cygwin changed recently ?
Can someone suggest a workaround to get passed this issue ?


SSH client logs.
=============
JSCH LOG:INFO:  : Remote version string: SSH-2.0-OpenSSH_6.7
JSCH LOG:INFO:  : Local version string: SSH-2.0-JSCH-0.1.51
JSCH LOG:INFO:  : CheckCiphers:
aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
JSCH LOG:INFO:  : aes256-cbc is not available.
JSCH LOG:INFO:  : aes192-cbc is not available.
JSCH LOG:INFO:  : CheckKexes: diffie-hellman-group14-sha1
JSCH LOG:INFO:  : diffie-hellman-group14-sha1 is not available.
JSCH LOG:INFO:  : SSH_MSG_KEXINIT sent
JSCH LOG:INFO:  : SSH_MSG_KEXINIT received
JSCH LOG:INFO:  : kex: server:
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
JSCH LOG:INFO:  : kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
JSCH LOG:INFO:  : kex: server:
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
JSCH LOG:INFO:  : kex: server:
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
JSCH LOG:INFO:  : kex: server:
umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
JSCH LOG:INFO:  : kex: server:
umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
JSCH LOG:INFO:  : kex: server: none,zlib@openssh.com
JSCH LOG:INFO:  : kex: server: none,zlib@openssh.com
JSCH LOG:INFO:  : kex: server:
JSCH LOG:INFO:  : kex: server:
JSCH LOG:INFO:  : kex: client:
diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
JSCH LOG:INFO:  : kex: client: ssh-rsa,ssh-dss
JSCH LOG:INFO:  : kex: client:
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
JSCH LOG:INFO:  : kex: client:
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
JSCH LOG:INFO:  : kex: client:
hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
JSCH LOG:INFO:  : kex: client:
hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
JSCH LOG:INFO:  : kex: client: none
JSCH LOG:INFO:  : kex: client: none
JSCH LOG:INFO:  : kex: client:
JSCH LOG:INFO:  : kex: client:
JSCH LOG:INFO:  : Disconnecting from xxx.xxx.com port 22
Exception Algorithm negotiation fail
com.jcraft.jsch.JSchException: Algorithm negotiation fail


SSH Server logs
==============
debug1: Client protocol version 2.0; client software version JSCH-0.1.51
debug1: no match: JSCH-0.1.51
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 3664
debug3: preauth child monitor started
debug1: list_hostkey_types:
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit:
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-
group14-sha1 [preauth]
debug2: kex_parse_kexinit:
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth]
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
[preauth]
debug2: kex_parse_kexinit:
umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,uma
c-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
debug2: kex_parse_kexinit:
umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,uma
c-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: kex_parse_kexinit:
diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
[preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit:
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc [preauth]
debug2: kex_parse_kexinit:
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc [preauth]
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: mac_setup: setup hmac-sha1 [preauth]
debug1: kex: client->server aes128-ctr hmac-sha1 none [preauth]
debug2: mac_setup: setup hmac-sha1 [preauth]
debug1: kex: server->client aes128-ctr hmac-sha1 none [preauth]
Unable to negotiate a key exchange method [preauth]

thanks,
Prakash

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: SSH session failing with latest cygwin/openssh version 1.7.32(0.274/5/3)

[Andrey Repin]

Greetings, Prakash Babu!

> SSH Server: I have installed cygwin 1.7.32 and configure sshd on my
> windows host.
> SSH Client  : I use jsch-0.1.51.jar (latest) as my ssh client

> When I try to establish an ssh session I get the following failure message.
> Exception Algorithm negotiation fail

> The following is my ssh client and server logs with debug option enabled.
> Has the OpenSSH server version shipped with cygwin changed recently ?
Yes. Not recently, but yes. It was updated.
Some weaker ciphers and algorithms are now disabled by default.

> Can someone suggest a workaround to get passed this issue ?

Use more recent SSH client. Or manually enable ciphers your client supports,
but be aware that you're lowering the security of your system.


--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 31.10.2014, <2:39>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple