View Single Post
Old 10-02-2018, 01:59 PM
bgagnon bgagnon is offline
VanDyke Technical Support
Join Date: Oct 2008
Posts: 4,636
Question FAQ: What causes the "No compatible cipher" error in SecureCRT?

If you are getting some form of the below error in SecureCRT:
Key exchange failed.
No compatible cipher.
The server supports these ciphers: ChaCha20-Poly1305,AES-128-CTR,AES-192-CTR,AES-256-CTR,AES-128-GCM,AES-256-GCM

You can turn on Trace Options output (File menu) and find this info:
[LOCAL] : Available Remote Send Ciphers =,aes128-ctr,aes192-ctr,aes256-ctr,,
[LOCAL] : Selected Send Cipher = aes256-ctr 
[LOCAL] : Available Remote Recv Ciphers =,aes128-ctr,aes192-ctr,aes256-ctr,,
[LOCAL] : Selected Recv Cipher = aes256-ctr

Ciphers: The "Available" lists what the remote is advertising it supports. SecureCRT will try its listed cipher methods (in the Connection / SSH2 / Advanced category of Session Options) in order. The list can be reordered using the Up/Down arrow buttons next to the list.
As of version 8.5.1, current Ciphers supported are (with version when support was first added):
ChaCha20-Poly1305 (v8.3.x)*
AES-256-GCM (v8.3.x)
AES-128-GCM (v8.3.x)
AES-256-CTR (v6.1.x)
AES-192-CTR (v6.1.x)
AES-128-CTR (v6.1.x)
AES-256 (v3.3.x)
AES-192 (v3.3.x)
AES-128 (v3.3.x)
Blowfish (v3.0.x)*/**
Twofish (v3.0.x)*

3DES (v3.0.x)
DES (v3.0.x) [SSH1 only]
RC4 (v3.0.x)*/**
*Not available when client is running in FIPS mode
**Removed support for Blowfish and RC4 as of v9.0

Please note: AES-256, AES-192 and AES-128 are CBC (cipher block chaining) ciphers.

You can employ the power of editing the Default session to enable any new ciphers in all of your existing and future sessions. Here are some links to a tip and a video that provide more details about using the Default session to make mass changes to multiple sessions:
Attached Images
File Type: png SCRT851_altered_Cipher_category.png (43.9 KB, 13673 views)
File Type: png key_ex_cipher_error_in_SecureCRT.png (29.0 KB, 13155 views)

VanDyke Software
Technical Support
(505) 332-5730

Last edited by bgagnon; 10-29-2020 at 08:37 AM. Reason: Marked non-FIPS compliant ciphers