JSch connection issue: JSchException: Algorithm negotiation fail – Even with JCE installed

Question

I am trying to connect to a server using JSch but it gives issues with connection. I am able to connect to the server using PuTTY but not using Java code.

I am using jdk1.8.0_171

Here is the code snippet

session = jsch.getSession(username, server, SSH_PORT);
session.setPassword(password);
session.setConfig("StrictHostKeyChecking", "no");
session.setTimeout(timeout);
session.connect(timeout);

I am getting the following exception:

com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:590)
at com.jcraft.jsch.Session.connect(Session.java:320)

Below are the JSch logs:

INFO: Connecting to <servername> port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_8.0
INFO: Local version string: SSH-2.0-JSCH-0.1.54
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512
INFO: kex: server: rsa-sha2-512,rsa-sha2-256,ssh-rsa
INFO: kex: server: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
INFO: kex: server: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
INFO: kex: server: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1,umac-128-etm@openssh.com,umac-64-etm@openssh.com,umac-128@openssh.com,umac-64@openssh.com
INFO: kex: server: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1,umac-128-etm@openssh.com,umac-64-etm@openssh.com,umac-128@openssh.com,umac-64@openssh.com
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server: 
INFO: kex: server: 
INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client: 
INFO: kex: client: 
INFO: Disconnecting from <servername> port 22
com.jcraft.jsch.JSchException: Algorithm negotiation fail

Here is the pom file:

<dependency>
    <groupId>com.jcraft</groupId>
    <artifactId>jsch</artifactId>
    <version>0.1.54</version>
</dependency>

I also tried using JSch 0.1.55, still the same issue.

I have checked the JSchException: Algorithm negotiation fail. But as you can see in the log, all ciphers are available.

It would be preferable if no changes are done on the server side.

How do I solve this? Thank you for your help.

Try https://github.com/mwiede/jsch it supports more algorithms — Matthias Wiedemann, Jul 08 '20 at 21:14

score 5 · Answer 1 · answered Jan 14 '22 at 17:39

For those who are facing this issue, change your pom from:

<!-- https://mvnrepository.com/artifact/com.jcraft/jsch -->
<dependency>
    <groupId>com.jcraft</groupId>
    <artifactId>jsch</artifactId>
    <version>0.1.54</version>
</dependency>

to:

<!-- https://mvnrepository.com/artifact/com.github.mwiede/jsch -->
<dependency>
    <groupId>com.github.mwiede</groupId>
    <artifactId>jsch</artifactId>
    <version>0.1.72</version>
</dependency>

Here is the repository: https://github.com/mwiede/jsch

Actually with different server I had to downgrade version of com.github.mwiede jsch library from 0.2.1 (used by Camel for sftp) to 0.1.72 — mkuzela, Jul 15 '22 at 16:00

Martin Prikryl · Accepted Answer · 2020-07-25T05:27:47.653

1

INFO: kex: server: curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512

JSch (as of 0.1.55) does not support any of those KEX algorithms.

You will have to have the server support some of the algorithms that JSch supports or switch to another SSH client library.

Obligatory warning: Do not use StrictHostKeyChecking=no to blindly accept all host keys. That is a security flaw. You lose a protection against MITM attacks.

For the correct (and secure) approach, see:
How to resolve Java UnknownHostKey, while using JSch SFTP library?

edited Jul 25 '20 at 05:27

answered Jul 11 '20 at 16:16

Martin Prikryl

188,800
56
490
992

Switching to some other SSH client. Thanks for the answer. – Aakash Panchal Jul 24 '20 at 08:54

JSch connection issue: JSchException: Algorithm negotiation fail – Even with JCE installed

2 Answers2

Linked