13

I'm currently working with Aptana Studio 3.6.1 (a custom build with some PHP syntax fixes). I use SFTP to upload files from my project to a test site, using the publishing tools (upload/download arrows at the top of the project).

Recently, I became unable to upload files. WinSCP is able to do so just fine, and I can SSH into the server without problem when using PuTTY or plain old OpenSSH. Aptana, however, throws a fit:

Failed to upload file
Establishing SFTP connection failed: No suitable key exchange algorithm could be agreed.
No suitable key exchange algorithm could be agreed.

The corresponding error in auth.log (with LogLevel DEBUG1):

Oct 26 14:42:42 dedi sshd[13690]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Oct 26 14:42:42 dedi sshd[13690]: debug1: inetd sockets after dupping: 3, 3
Oct 26 14:42:42 dedi sshd[13690]: Connection from [My IP] port 24321 on [Server IP] port 22
Oct 26 14:42:42 dedi sshd[13690]: debug1: Client protocol version 2.0; client software version edtFTPjPRO-4.1.0
Oct 26 14:42:42 dedi sshd[13690]: debug1: no match: edtFTPjPRO-4.1.0
Oct 26 14:42:42 dedi sshd[13690]: debug1: Enabling compatibility mode for protocol 2.0
Oct 26 14:42:42 dedi sshd[13690]: debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-2
Oct 26 14:42:42 dedi sshd[13690]: debug1: permanently_set_uid: 102/65534 [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: SSH2_MSG_KEXINIT received [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: kex: client->server 3des-cbc hmac-sha1 none [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: kex: server->client 3des-cbc hmac-sha1 none [preauth]
Oct 26 14:42:42 dedi sshd[13690]: fatal: Unable to negotiate a key exchange method [preauth]

I should note that I've already mucked around with sshd_config in order to fix an earlier error where some cipher suites that Aptana uses weren't set up on the server. I suspect this problem has something to do with key exchange cipher suites, but I'm unsure of how to debug that problem in order to determine which suites to add.

$ uname -a && lsb_release -a
Linux dedi 3.14-2-amd64 #1 SMP Debian 3.14.15-2 (2014-08-09) x86_64 GNU/Linux
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux testing (jessie)
Release:        testing
Codename:       jessie
Rob Nelson
  • 133
  • 1
  • 1
  • 4

4 Answers4

13

Please use DEBUG3 level. Then you will see the list of key exchange algorithms configured on your server as well as the list supported by your client.

Then add the following line to your /etc/ssh/sshd_config:

KexAlgorithms <here comma-separated list of Kex Algorithms configured on your server>,<here one of the Kex Algorithms supported by your client>

For example, the OpenSSH 6.7 has the following algorithms active by default: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1.

If you client supports only diffie-hellman-group1-sha1, then your /etc/ssh/sshd_config should contain

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1.

That's OK - OpenSSH v.6.7 does support diffie-hellman-group1-sha1 too, however it is off by default. You should allow sshd to use this key exchange algorithm by putting the KexAlgorithms line to your sshd config.

vim
  • 1,540
  • 12
  • 16
Nikolay
  • 146
  • 1
  • 2
10

  1. On remote server edit sshd_config:

    nano /etc/ssh/sshd_config

  2. Add the following line :

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

KexAlgorithms=curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

  1. Restart ssh service

#/etc/init.d/ssh restart

thx to

Community
  • 1
  • 1
gungott
  • 231
  • 3
  • 9
  • This answer also worked perfectly for phpDesigner 8.1.2 – SteB Dec 02 '15 at 08:40
  • Its gives this error: Restarting ssh (via systemctl): ssh.serviceJob for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details. – tibasce May 01 '18 at 20:47
6

For Debian 8 jessie putting this in /etc/ssh/sshd_config solved the problem for me

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

taken from this comment https://github.com/rundeck/rundeck/issues/1147#issuecomment-85083240

dav
  • 8,931
  • 15
  • 76
  • 140
0

It's 4 years later, and Aptana STILL has not been updated with the proper key exchange algorithm. I love Aptana, but if you don't have access to the server to change the sshd_config (like if you are working for a client), you will have to use a different IDE I'm afraid.

If you came here looking for an answer, I wrote on article on how to use basic Eclipse for SSH/SFTP with keys: https://peacocksoftware.com/blog/ssh-key-authentication-eclipse

Richard
  • 1,912
  • 20
  • 28