Github.com Unable to Negotiate Key Exchange Method #26

Open
mmangione opened this issue Jan 28, 2015 · 1 comment

Comments

@mmangione

OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014

Here is a printout of ssh -Tv github.com when I use your suggested github configuration in /etc/ssh/ssh_config:

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/<>/.ssh/config
debug1: /home/<>/.ssh/config line 1: Applying options for *
debug1: /home/<>/.ssh/config line 38: Applying options for github.procure
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 24: Applying options for *
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/mmangione/.ssh/config
debug1: /home/<>/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for github.com
debug1: /etc/ssh/ssh_config line 24: Applying options for *
debug1: Connecting to github.com [192.30.252.130] port 22.
debug1: Connection established.
debug1: identity file /home/<>/.ssh/id_rsa type 1
debug1: identity file /home/<>/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version libssh-0.6.0
debug1: no match: libssh-0.6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-ctr hmac-sha2-512 none
debug1: kex: client->server aes256-ctr hmac-sha2-512 none
Unable to negotiate a key exchange method

Here is a printout with the KexMethod lines commented out in /etc/ssh/ssh_config:

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/<>/.ssh/config
debug1: /home/<>/.ssh/config line 1: Applying options for *
debug1: /home/<>/.ssh/config line 38: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 24: Applying options for *
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/<>/.ssh/config
debug1: /home/<>/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for github.com
debug1: /etc/ssh/ssh_config line 24: Applying options for *
debug1: Connecting to github.com [192.30.252.129] port 22.
debug1: Connection established.
debug1: identity file /home/<>/.ssh/id_rsa type 1
debug1: identity file /home/<>/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version libssh-0.6.0
debug1: no match: libssh-0.6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-ctr hmac-sha2-512 none
debug1: kex: client->server aes256-ctr hmac-sha2-512 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/<>/.ssh/known_hosts:42
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/<>/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: <>
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: id_rsa2
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Which is the expected output for a successful connection. Any thoughts?

Why am I being forced to use ECDH as a kex method?

@dcherian

dcherian commented Feb 4, 2015

I had the same issue. /etc/ssh/ssh_config says that all options are changed only once, so the first time you change KexAlgorithms under HostName *, it's valid for all else. The solution is to move your HostName * block with default options to the end of the .ssh/config file. Then the Host github.com block will override the default settings.
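
The first-match behaviour described in the comment above, as an added example that is not part of the original thread: a simplified Python model of how ssh resolves `Host` blocks (no `Match`, negated patterns or `Include`), run over constructed configs. The algorithm lists are placeholders, and `parse`, `effective` and `kex_for` are hypothetical helper names.

```python
import fnmatch

# Constructed sample values: placeholder algorithm lists, not the project's config.
GITHUB_KEX = "curve25519-sha256@libssh.org,ecdh-sha2-nistp256"
WILDCARD_KEX = "curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"
GITHUB_BLOCK = f"Host github.com\n    KexAlgorithms {GITHUB_KEX}\n"
WILDCARD_BLOCK = f"Host *\n    KexAlgorithms {WILDCARD_KEX}\n"

def parse(text):
    """Return [(patterns, {keyword: value})] for each Host block, in file order."""
    blocks, current = [], None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            current = (value.split(), {})
            blocks.append(current)
        elif current is not None:
            current[1].setdefault(keyword, value)
    return blocks

def effective(host, *configs):
    """Resolve options for host; pass configs in the order ssh reads them."""
    result = {}
    for text in configs:
        for patterns, options in parse(text):
            if any(fnmatch.fnmatchcase(host, p) for p in patterns):
                for keyword, value in options.items():
                    result.setdefault(keyword, value)  # first obtained value wins
    return result

def kex_for(host, *configs):
    return effective(host, *configs).get("kexalgorithms")

if __name__ == "__main__":
    shadowed = WILDCARD_BLOCK + GITHUB_BLOCK   # defaults first: github.com block ignored
    reordered = GITHUB_BLOCK + WILDCARD_BLOCK  # defaults last: github.com block applies
    print("wildcard first:", kex_for("github.com", shadowed))
    print("wildcard last: ", kex_for("github.com", reordered))
    # The user file is read before the system file, so its Host * also shadows
    # a github.com block that lives only in /etc/ssh/ssh_config.
    print("user * + system github:", kex_for("github.com", WILDCARD_BLOCK, GITHUB_BLOCK))
```

The last case mirrors the read order in the debug output above, where the user config's `*` block is applied before the `github.com` block in /etc/ssh/ssh_config.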
