exception during logging in Failed to negotiate a transport component

Problem :-

exception during logging in Failed to negotiate a transport component [diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1] [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1] [Unknown cause]

Solution :-

If the above exception occurs, check the algorithms. In this case the local server uses the algorithms [diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1].

The remote server, on the other hand, uses the algorithms [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1].

The two lists have no algorithm in common, which is the reason for this issue. To overcome it, follow the steps below.

Steps to make the changes. These steps must be performed with root user privileges.

  • Go to the directory /etc/sshd/.
  • Stop the sshd service using the command /etc/init.d/sshd stop.
  • Take a backup of the file sshd_config.
  • Open the file sshd_config.
  • Add the below entry as the last line.
    KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
  • Start the sshd service using the command /etc/init.d/sshd start.

The KexAlgorithms entry given here was taken from one customer's problematic server. If you face this issue for any other customer, append the additional algorithms reported in the above exception to the algorithms that already exist on the remote server.
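The append step described above, as an added example that is not part of the original article: it reads the two bracketed lists out of the exception text and builds the KexAlgorithms line from the remote list plus whatever local algorithms are missing from it. It assumes the exception has the shape shown under Problem (local list first, remote list second); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not ManageEngine code. MSG is a sample constructed from the
# exception quoted above: first [...] = local list, second [...] = remote sshd list.
MSG='Failed to negotiate a transport component [diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1] [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1] [Unknown cause]'

# nth_list MSG N -> contents of the Nth (1 or 2) bracketed list; fails if absent
nth_list() {
    case "$1" in *\[*\]*\[*\]*) ;; *) return 1 ;; esac
    if [ "$2" = 1 ]; then
        printf '%s\n' "$1" | sed 's/^[^[]*\[\([^]]*\)].*/\1/'
    else
        printf '%s\n' "$1" | sed 's/^[^[]*\[[^]]*][^[]*\[\([^]]*\)].*/\1/'
    fi
}

# missing_algs MSG -> local algorithms the remote sshd does not offer (comma-separated)
missing_algs() {
    wanted=$(nth_list "$1" 1) || return 1
    offered=$(nth_list "$1" 2) || return 1
    missing=
    old_ifs=$IFS; IFS=,
    for alg in $wanted; do
        case ",$offered," in
            *",$alg,"*) ;;                            # already negotiable, skip
            *) missing="${missing:+$missing,}$alg" ;; # must be appended
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$missing"
}

# build_kex_line MSG -> sshd_config entry: remote list plus the missing algorithms
build_kex_line() {
    offered=$(nth_list "$1" 2) || return 1
    extra=$(missing_algs "$1") || return 1
    printf 'KexAlgorithms %s\n' "$offered${extra:+,$extra}"
}

build_kex_line "$MSG"
```

Both algorithms appended for this sample are SHA-1 based, and OpenSSH has disabled diffie-hellman-group1-sha1 by default since version 7.0, so append only what the exception shows is missing. Running sshd -t after editing sshd_config checks the file for errors before the service is started again.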


Old versions of ssh servers don't support adding KexAlgorithms in the sshd_config file.
To verify whether the target server's ssh supports adding KexAlgorithms:

Type man sshd_config at the command prompt.
Keep pressing Enter until you reach the keys that start with 'K'.
If you are able to see the key "KexAlgorithms", then the target server supports this, and you can add the entry as mentioned above.






