View Single Post
Old 10-02-2018, 11:48 AM
bgagnon bgagnon is offline
VanDyke Technical Support
Join Date: Oct 2008
Posts: 4,636
Question FAQ: What causes the "No compatible key-exchange method" error in SecureCRT?

If you are getting some form of the below error:
Key exchange failed.
No compatible key-exchange method.
The server supports these methods:,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14

You can turn on Trace Options output (File menu) and find this info:
[LOCAL] : Available Remote Kex Methods =,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 
[LOCAL] : Selected Kex Method = ecdh-sha2-nistp521

KEX or Key Exchange methods: In SecureCRT, configurable in the Connection / SSH2 category of Session Options.
As of version 8.7.3, the current Key Exchange algorithms supported are (with version when support was first added):
diffie-hellman-group18-sha512 (v8.7.x)
diffie-hellman-group16-sha512 (v8.7.x)
diffie-hellman-group14-sha256 (v8.7.x)
curve25519-sha256 (v8.5.x)*
ecdh-sha2-nistp521 (v7.3.x)
ecdh-sha2-nistp384 (v7.3.x)
ecdh-sha2-nistp256 (v7.3.x)
diffie-hellman-group-exchange-sha256 (v7.3.x)
diffie-hellman-group14 (v5.0.x)
diffie-hellman-group (v3.0.x)
Kerberos (v3.0.x)*
Kerberos (Group Exchange) (v3.0.x)*
*Not available when client is running in FIPS mode

Note that while diffie-hellman is still available, it was disabled as of v8.0 due to well-documented flaws in the algorithm associated with news surrounding the Logjam vulnerability. Many other SSH servers and clients have turned off default support for the diffie-hellman key exchange algorithm.

Changes in SecureCRT 8.0 (Beta 1) -- January 28, 2016 (
  • SSH2: The "diffie-hellman" key exchange algorithm is off for the default session. This change only affects new installations.

You can employ the power of editing the Default session to enable any new key-exchange algorithms in all of your existing and future sessions. Here are some links to a tip and a video that provide more details about using the Default session to make mass changes to multiple sessions:
Note: In order for a "change" to be applied to all other sessions, the Default session's option/field you're targeting must actually be modified/different from its current value.
Attached Images
File Type: png line.png (522 Bytes, 89070 views)
File Type: png key_ex_error_in_SCRT.png (29.0 KB, 36185 views)
File Type: png SCRT873_altered_key_ex_category.png (47.5 KB, 24784 views)

VanDyke Software
Technical Support
(505) 332-5730

Last edited by bgagnon; 10-29-2020 at 08:09 AM. Reason: Update regarding three new methods in 8.7