8

Hello, I have a little problem. I developed an SFTP client script with Node.js that connects to an SFTP server and grabs some files. I tested it with my local server and it works, but when I tried to use it with the production server I received this error:

Error: Handshake failed: no matching key exchange algorithm

I already generated the RSA key using ssh-keygen.

Here is the relevant part of the script:

var Client = require('ssh2').Client;
var fs = require('fs');
var path = require('path');

var args = process.argv.slice(2);

var connSettings = {
    host: args[0] || '127.0.0.1',
    port: args[1] || 22,
    username: args[2] || 'karim',
    password: args[3] || 'karimos',
    algorithms: {
        hmac: ['hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1', 'hmac-sha1-96']
    }

};
KarimS

5 Answers

8

I also had the same problem and solved it by adding the following:

algorithms: {
        kex: [
          "diffie-hellman-group1-sha1",
          "ecdh-sha2-nistp256",
          "ecdh-sha2-nistp384",
          "ecdh-sha2-nistp521",
          "diffie-hellman-group-exchange-sha256",
          "diffie-hellman-group14-sha1"
        ],
        cipher: [
          "3des-cbc",
          "aes128-ctr",
          "aes192-ctr",
          "aes256-ctr",
          "aes128-gcm",
          "aes128-gcm@openssh.com",
          "aes256-gcm",
          "aes256-gcm@openssh.com"
        ],
        serverHostKey: [
          "ssh-rsa",
          "ecdsa-sha2-nistp256",
          "ecdsa-sha2-nistp384",
          "ecdsa-sha2-nistp521"
        ],
        hmac: [
          "hmac-sha2-256",
          "hmac-sha2-512",
          "hmac-sha1"
        ]
    }
help-info.de
6

For myself, I added debug: console.log to my config object. This outputs more about the connection attempt.

{
    "port": 22,
    "host": "test.test.com",
    "user": "test",
    "password": "******",
    "debug": console.log
}

Handshake: (remote) KEX method: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

Handshake: No matching key exchange algorithm

Based on this error I updated my config's algorithm:

{
    "port": 22,
    "host": "test.test.com",
    "user": "test",
    "password": "******",
    "algorithms": {
        "kex": [
            "diffie-hellman-group14-sha1","diffie-hellman-group-exchange-sha1"
        ]
    }
}

After adding this algorithm the connection was successful on my machine.

Gabe Gates
2

You may edit your /etc/ssh/sshd configuration file, on your server, in order to allow the key authentication method :)

Mech45

Can you give me some reference? I have used FileZilla to connect to the server and it worked. I also tried without the `algorithms: { hmac: ['hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1', 'hmac-sha1-96'] }` and it didn't work. – KarimS Jan 18 '17 at 17:21

2

My first suggestion would be to upgrade the ssh server on the server you're connecting to so that a more secure configuration can be had. This is the best/most secure solution.

If you cannot make changes on this server and you absolutely need to connect, then you can explicitly set the kex to a list of key exchange methods you want to support (valid algorithm names can be found in the ssh2-streams documentation). For example:

algorithms: {
  kex: [ ... ]
}
mscdex
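
An added example, not code from any answer or from the ssh2 project, tying together the debug output in Gabe Gates's answer and the advice above to set `kex` explicitly: it reads the server's offered methods from the debug line and builds the narrowest override, enabling a SHA-1 method only when nothing stronger is shared. The `PREFERRED_KEX` list and the function names are assumptions made for this example.

```javascript
'use strict';

// Assumed client preference order, strongest first (hypothetical list for
// this example; the names are standard SSH key exchange method names).
const PREFERRED_KEX = [
  'curve25519-sha256',
  'curve25519-sha256@libssh.org',
  'ecdh-sha2-nistp256',
  'ecdh-sha2-nistp384',
  'ecdh-sha2-nistp521',
  'diffie-hellman-group-exchange-sha256',
  'diffie-hellman-group14-sha256',
  'diffie-hellman-group14-sha1',
  'diffie-hellman-group-exchange-sha1',
  'diffie-hellman-group1-sha1',
];

// Methods that rely on SHA-1 (and, for group1, a 1024-bit group) are legacy.
const isLegacy = (name) => /-sha1$/.test(name);

// Extract the server's KEX offer from ssh2 debug output like the line
// quoted in the earlier answer. Returns [] if no such line is present.
function parseRemoteKex(debugText) {
  const m = /\(remote\) KEX method: *(\S+)/.exec(debugText);
  return m ? m[1].split(',').filter(Boolean) : [];
}

// Pick the kex override: every modern method both sides share, or, only when
// there is none, the single strongest legacy method (never the whole list).
function chooseKex(remoteOffer, preferred = PREFERRED_KEX) {
  const shared = preferred.filter((k) => remoteOffer.includes(k));
  const modern = shared.filter((k) => !isLegacy(k));
  if (modern.length > 0) return { kex: modern, legacy: false };
  if (shared.length > 0) return { kex: [shared[0]], legacy: true };
  throw new Error('no key exchange method in common with the server');
}

// Constructed sample: the two debug lines quoted in the earlier answer.
const sampleDebug = [
  'Handshake: (remote) KEX method: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1',
  'Handshake: No matching key exchange algorithm',
].join('\n');

const choice = chooseKex(parseRemoteKex(sampleDebug));
if (choice.legacy) console.warn('legacy KEX only, plan a server upgrade:', choice.kex);
console.log({ algorithms: { kex: choice.kex } });
```

The printed object can be merged into the connection settings; the warning marks hosts that still need the server-side upgrade recommended above.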
2

Have you tried changing your algorithms declaration to...?

algorithms: { serverHostKey: [ 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1', 'hmac-sha1-96' ], }

mepilp