SSHClient connect() "Failed to negotiate key exchange algorithm." #888

@ebmarquez

Error "Failed to negotiate key exchange algorithm."

Add-Type -Path 'C:\packages\Renci.SshNet.Async.1.4.0\lib\net40\Renci.SshNet.Async.dll'
Add-Type -Path 'C:\packages\SSH.NET.2016.1.0\lib\net40\Renci.SshNet.dll'
[System.AppDomain]::CurrentDomain.GetAssemblies() | Where-Object {$_.Location -match 'packages'}

GAC    Version        Location
---    -------        --------
False  v4.0.30319     C:\packages\Renci.SshNet.Async.1.4.0\lib\net40\Renci.SshNet.Async.dll
False  v4.0.30319     C:\packages\SSH.NET.2016.1.0\lib\net40\Renci.SshNet.dll

$RemoteComputer = '100.71.1.171'
$clearTextPass = 'xxxxxxx'
$sshClient = New-Object Renci.SshNet.SshClient($RemoteComputer,22,'admin',$clearTextPass)
$sshClient.Connect()

Exception calling "Connect" with "0" argument(s): "Failed to negotiate key exchange algorithm."
At line:1 char:1
+ $sshClient.Connect()
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : SshConnectionException

List of Available SSH Ciphers

~$ nmap -sV --script ssh2-enum-algos -p 22 100.71.1.171
Starting Nmap 7.80 ( https://nmap.org ) at 2021-10-10 11:25 PDT
Nmap scan report for 100.71.1.171
Host is up (0.013s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     HP Comware switch sshd 7.1.045 (protocol 2.0)
| ssh2-enum-algos:
|   kex_algorithms: (2)
|       ecdh-sha2-nistp256
|       ecdh-sha2-nistp384
|   server_host_key_algorithms: (1)
|       ecdsa-sha2-nistp256
|   encryption_algorithms: (7)
|       aes128-cbc
|       aes128-ctr
|       AEAD_AES_128_GCM
|       aes192-ctr
|       aes256-cbc
|       aes256-ctr
|       AEAD_AES_256_GCM
|   mac_algorithms: (2)
|       hmac-sha2-256
|       hmac-sha2-512
|   compression_algorithms: (3)
|       none
|       zlib
|_      zlib@openssh.com
Service Info: OS: Comware; CPE: cpe:/o:hp:comware:7.1.045

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.89 seconds

ConnectionInfo

KeyExchangeAlgorithms             : {[diffie-hellman-group-exchange-sha256, Renci.SshNet.Security.KeyExchangeDiffieHellmanGroupExchangeSha256], [diffie-hellman-group-exchange-sha1,
                                    Renci.SshNet.Security.KeyExchangeDiffieHellmanGroupExchangeSha1], [diffie-hellman-group14-sha1,
                                    Renci.SshNet.Security.KeyExchangeDiffieHellmanGroup14Sha1], [diffie-hellman-group1-sha1, Renci.SshNet.Security.KeyExchangeDiffieHellmanGroup1Sha1]}
Encryptions                       : {[aes256-ctr, Renci.SshNet.CipherInfo], [3des-cbc, Renci.SshNet.CipherInfo], [aes128-cbc, Renci.SshNet.CipherInfo], [aes192-cbc,
                                    Renci.SshNet.CipherInfo]...}
HmacAlgorithms                    : {[hmac-md5, Renci.SshNet.HashInfo], [hmac-md5-96, Renci.SshNet.HashInfo], [hmac-sha1, Renci.SshNet.HashInfo], [hmac-sha1-96,
                                    Renci.SshNet.HashInfo]...}
HostKeyAlgorithms                 : {[ssh-rsa, System.Func`2[System.Byte[],Renci.SshNet.Security.KeyHostAlgorithm]], [ssh-dss,
                                    System.Func`2[System.Byte[],Renci.SshNet.Security.KeyHostAlgorithm]]}
AuthenticationMethods             : {password}
CompressionAlgorithms             : {[none, ]}
ChannelRequests                   : {[env, Renci.SshNet.Messages.Connection.EnvironmentVariableRequestInfo], [exec, Renci.SshNet.Messages.Connection.ExecRequestInfo], [exit-signal,
                                    Renci.SshNet.Messages.Connection.ExitSignalRequestInfo], [exit-status, Renci.SshNet.Messages.Connection.ExitStatusRequestInfo]...}
IsAuthenticated                   : False
Host                              : 100.71.1.171
Port                              : 22
Username                          : admin
ProxyType                         : None
ProxyHost                         :
ProxyPort                         : 0
ProxyUsername                     :
ProxyPassword                     :
Timeout                           : 00:00:30
Encoding                          : System.Text.UTF8Encoding
RetryAttempts                     : 10
MaxSessions                       : 10
CurrentKeyExchangeAlgorithm       :
CurrentServerEncryption           :
CurrentClientEncryption           :
CurrentServerHmacAlgorithm        :
CurrentClientHmacAlgorithm        :
CurrentHostKeyAlgorithm           :
CurrentServerCompressionAlgorithm :
ServerVersion                     : SSH-2.0-Comware-7.1.045
ClientVersion                     : SSH-2.0-Renci.SshNet.SshClient.0.0.1
CurrentClientCompressionAlgorithm :

ConnectionInfo.Encoding

 $sshClient.ConnectionInfo.Encoding


BodyName          : utf-8
EncodingName      : Unicode (UTF-8)
HeaderName        : utf-8
WebName           : utf-8
WindowsCodePage   : 1200
IsBrowserDisplay  : True
IsBrowserSave     : True
IsMailNewsDisplay : True
IsMailNewsSave    : True
IsSingleByte      : False
EncoderFallback   : System.Text.EncoderReplacementFallback
DecoderFallback   : System.Text.DecoderReplacementFallback
IsReadOnly        : True
CodePage          : 65001

ConnectionInfo.Encryptions

$sshClient.ConnectionInfo.Encryptions

Key            Value
---            -----
aes256-ctr     Renci.SshNet.CipherInfo
3des-cbc       Renci.SshNet.CipherInfo
aes128-cbc     Renci.SshNet.CipherInfo
aes192-cbc     Renci.SshNet.CipherInfo
aes256-cbc     Renci.SshNet.CipherInfo
blowfish-cbc   Renci.SshNet.CipherInfo
twofish-cbc    Renci.SshNet.CipherInfo
twofish192-cbc Renci.SshNet.CipherInfo
twofish128-cbc Renci.SshNet.CipherInfo
twofish256-cbc Renci.SshNet.CipherInfo
arcfour        Renci.SshNet.CipherInfo
arcfour128     Renci.SshNet.CipherInfo
arcfour256     Renci.SshNet.CipherInfo
cast128-cbc    Renci.SshNet.CipherInfo
aes128-ctr     Renci.SshNet.CipherInfo
aes192-ctr     Renci.SshNet.CipherInfo

ConnectionInfo.HostKeyAlgorithms

PS C:\Users\Administrator> $sshClient.ConnectionInfo.HostKeyAlgorithms

Key     Value
---     -----
ssh-rsa System.Func`2[System.Byte[],Renci.SshNet.Security.KeyHostAlgorithm]
ssh-dss System.Func`2[System.Byte[],Renci.SshNet.Security.KeyHostAlgorithm]

 ($sshClient.ConnectionInfo.HostKeyAlgorithms).'ssh-rsa'

Method                                                          Target
------                                                          ------
Renci.SshNet.Security.KeyHostAlgorithm <.ctor>b__126_20(Byte[]) Renci.SshNet.ConnectionInfo+<>c


PS C:\Users\Administrator> ($sshClient.ConnectionInfo.HostKeyAlgorithms).'ssh-rsa'.method


Name                       : <.ctor>b__126_20
DeclaringType              : Renci.SshNet.ConnectionInfo+<>c
ReflectedType              : Renci.SshNet.ConnectionInfo+<>c
MemberType                 : Method
MetadataToken              : 100666569
Module                     : Renci.SshNet.dll
IsSecurityCritical         : True
IsSecuritySafeCritical     : False
IsSecurityTransparent      : False
MethodHandle               : System.RuntimeMethodHandle
Attributes                 : PrivateScope, Assembly, HideBySig
CallingConvention          : Standard, HasThis
ReturnType                 : Renci.SshNet.Security.KeyHostAlgorithm
ReturnTypeCustomAttributes : Renci.SshNet.Security.KeyHostAlgorithm
ReturnParameter            : Renci.SshNet.Security.KeyHostAlgorithm
IsGenericMethod            : False
IsGenericMethodDefinition  : False
ContainsGenericParameters  : False
MethodImplementationFlags  : Managed
IsPublic                   : False
IsPrivate                  : False
IsFamily                   : False
IsAssembly                 : True
IsFamilyAndAssembly        : False
IsFamilyOrAssembly         : False
IsStatic                   : False
IsFinal                    : False
IsVirtual                  : False
IsHideBySig                : True
IsAbstract                 : False
IsSpecialName              : False
IsConstructor              : False
CustomAttributes           : {}



PS C:\Users\Administrator> ($sshClient.ConnectionInfo.HostKeyAlgorithms).'ssh-rsa'.target
Renci.SshNet.ConnectionInfo+<>c

SSH -vvvv output

PS C:\Users\Administrator> ssh admin@$($sshClient.ConnectionInfo.Host) -vvvv
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug3: Failed to open file:C:/Users/Administrator/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 100.71.1.171 is address
debug2: ssh_connect_direct
debug1: Connecting to 100.71.1.171 [100.71.1.171] port 22.
debug1: Connection established.
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_rsa.pub error:2
debug1: identity file C:\\Users\\Administrator/.ssh/id_rsa type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_rsa-cert.pub error:2
debug1: identity file C:\\Users\\Administrator/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_dsa.pub error:2
debug1: identity file C:\\Users\\Administrator/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_dsa-cert.pub error:2
debug1: identity file C:\\Users\\Administrator/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa.pub error:2
debug1: identity file C:\\Users\\Administrator/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa-cert.pub error:2
debug1: identity file C:\\Users\\Administrator/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519.pub error:2
debug1: identity file C:\\Users\\Administrator/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519-cert.pub error:2
debug1: identity file C:\\Users\\Administrator/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_xmss.pub error:2
debug1: identity file C:\\Users\\Administrator/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_xmss-cert.pub error:2
debug1: identity file C:\\Users\\Administrator/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version Comware-7.1.045
debug1: no match: Comware-7.1.045
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 100.71.1.171:22 as 'admin'
debug3: Failed to open file:C:/Users/Administrator/.ssh/known_hosts error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384
debug2: host key algorithms: ecdsa-sha2-nistp256
debug2: ciphers ctos: aes128-cbc,aes128-ctr,AEAD_AES_128_GCM,aes192-ctr,aes256-cbc,aes256-ctr,AEAD_AES_256_GCM
debug2: ciphers stoc: aes128-cbc,aes128-ctr,AEAD_AES_128_GCM,aes192-ctr,aes256-cbc,aes256-ctr,AEAD_AES_256_GCM
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none,zlib,zlib@openssh.com
debug2: compression stoc: none,zlib,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:XlRm61+05NXm3+yfu0OA+NELoSji2hbGWMd1zZoTXYs
debug3: Failed to open file:C:/Users/Administrator/.ssh/known_hosts error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
The authenticity of host '100.71.1.171 (100.71.1.171)' can't be established.
ECDSA key fingerprint is SHA256:XlRm61+05NXm3+yfu0OA+NELoSji2hbGWMd1zZoTXYs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '100.71.1.171' (ECDSA) to the list of known hosts.
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\Administrator/.ssh/id_rsa
debug1: Will attempt key: C:\\Users\\Administrator/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\Administrator/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\Administrator/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\Administrator/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner


NOTICE   NOTICE   NOTICE   NOTICE   NOTICE   NOTICE   NOTICE   NOTICE
Unauthorized access and/or use prohibited.
All access and/or use subject to monitoring.
NOTICE   NOTICE   NOTICE   NOTICE   NOTICE   NOTICE   NOTICE   NOTICE


debug3: receive packet: type 51
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
admin@100.71.1.171's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: password
Permission denied, please try again.
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
admin@100.71.1.171's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (password).
Authenticated to 100.71.1.171 ([100.71.1.171]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug3: This windows OS supports conpty
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug3: Successfully set console output code page from:65001 to 65001
debug3: Successfully set console input code page from:437 to 65001
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0

******************************************************************************
* Copyright (c) 2010-2018 Hewlett Packard Enterprise Development LP          *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

Host name: switch

<switch>
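
The algorithm lists posted above can be compared the way the SSH transport layer does it (RFC 4253, section 7.1: for each category, the first name on the client's list that the server also offers is chosen). The PowerShell below is an added example, not part of the original issue or of SSH.NET; the function names `Select-SshAlgorithm` and `Compare-SshProposal` are hypothetical, and the MAC category is left out because the client's `HmacAlgorithms` output is truncated on the page.

```powershell
# Client proposal: copied from the ConnectionInfo output of SSH.NET 2016.1.0 in this issue.
$clientProposal = [ordered]@{
    kex        = 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1',
                 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'
    host_key   = 'ssh-rsa', 'ssh-dss'
    encryption = 'aes256-ctr', '3des-cbc', 'aes128-cbc', 'aes192-cbc', 'aes256-cbc',
                 'blowfish-cbc', 'twofish-cbc', 'twofish192-cbc', 'twofish128-cbc',
                 'twofish256-cbc', 'arcfour', 'arcfour128', 'arcfour256', 'cast128-cbc',
                 'aes128-ctr', 'aes192-ctr'
}

# Server proposal: copied from the nmap ssh2-enum-algos output for the Comware switch.
$serverProposal = @{
    kex        = 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384'
    host_key   = @('ecdsa-sha2-nistp256')
    encryption = 'aes128-cbc', 'aes128-ctr', 'AEAD_AES_128_GCM', 'aes192-ctr',
                 'aes256-cbc', 'aes256-ctr', 'AEAD_AES_256_GCM'
}

function Select-SshAlgorithm {
    param([string[]]$ClientList, [string[]]$ServerList)
    # Simplified RFC 4253 7.1 rule: client preference order decides, server list filters.
    # (KEX and host key selection carry extra compatibility conditions, but every
    # outcome still requires at least one name present on both lists.)
    # Algorithm names are case-sensitive, hence -ccontains.
    foreach ($name in $ClientList) {
        if ($ServerList -ccontains $name) { return $name }
    }
    return $null
}

function Compare-SshProposal {
    param($Client, $Server)
    foreach ($category in $Client.Keys) {
        $chosen = Select-SshAlgorithm -ClientList $Client[$category] -ServerList $Server[$category]
        $negotiated = if ($chosen) { $chosen } else { '<none>' }
        # Names only one side offers: these show which end would have to change.
        $clientOnly = $Client[$category] | Where-Object { $Server[$category] -cnotcontains $_ }
        $serverOnly = $Server[$category] | Where-Object { $Client[$category] -cnotcontains $_ }
        [pscustomobject]@{
            Category   = $category
            Negotiated = $negotiated
            ClientOnly = $clientOnly -join ','
            ServerOnly = $serverOnly -join ','
        }
    }
}

Compare-SshProposal -Client $clientProposal -Server $serverProposal |
    Format-Table -AutoSize -Wrap
```

With the lists as posted, the client's key exchange and host key proposals share no name with the switch's, while the encryption lists do overlap. The OpenSSH trace above negotiates `ecdh-sha2-nistp256` and `ecdsa-sha2-nistp256`, neither of which appears in the `ConnectionInfo` output.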
