-
Titre
SSH session fails with error negotiating common algorithms -
Description
When trying to connect to a server via SPS using SSH, the following error appears on the client side:
Type 3 (Key Exchange failed): "Error negotiating common algorithms"
SPS logs show the following error:
[TimeStamp] [SPS-Hostname] zorp/scb_ssh[8780]: ssh.error(3): (svc/rx1YB6Kd2stwGcxg5ytaP9/SSHConnectionPolicyName:123/ssh): Unable to find a matching kex or host key algorithm; proxy_kex_algos='diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,ext-info-c', server_kex_algos='curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521', proxy_hostkey_algos='rsa-sha2-512,rsa-sha2-256,ssh-rsa', server_hostkey_algos='ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519', side='server' -
Cause
The SSH ciphers used by the client or target server do not match the SSH ciphers used by SPS
-
Résolution
RESOLUTION:
Verify the SSH Settings policy which is assigned to the SSH Connection policy having this error, for example if using the default SSH Settings policy:
Go to Traffic Controls > SSH > Settings > Expand default > under Algorithm settings > verify that you have added the correct algorithms under Client and Server in this settings policy.
Please refer to the SPS administrator guide topic Supported encryption algorithms for a list of supported SSH ciphers.