FAQ: What causes the "No compatible cipher" error in SecureCRT?

[bgagnon]

If you are getting some form of the below error in SecureCRT:

Key exchange failed.
No compatible cipher. The server supports these ciphers: ChaCha20-Poly1305,AES-128-CTR,AES-192-CTR,AES-256-CTR,AES-128-GCM,AES-256-GCM

You can turn on Trace Options output (File menu) and find this info:

Code:

[LOCAL] : Available Remote Send Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[LOCAL] : Selected Send Cipher = aes256-ctr 
[LOCAL] : Available Remote Recv Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[LOCAL] : Selected Recv Cipher = aes256-ctr

Ciphers: The "Available" lists what the remote is advertising it supports. SecureCRT will try its listed cipher methods (in the Connection / SSH2 / Advanced category of Session Options) in order. The list can be reordered using the Up/Down arrow buttons next to the list.

As of version 8.5.1, current Ciphers supported are (with version when support was first added):
ChaCha20-Poly1305 (v8.3.x)*
AES-256-GCM (v8.3.x)
AES-128-GCM (v8.3.x)
AES-256-CTR (v6.1.x)
AES-192-CTR (v6.1.x)
AES-128-CTR (v6.1.x)
AES-256 (v3.3.x)
AES-192 (v3.3.x)
AES-128 (v3.3.x)
Blowfish (v3.0.x)*/**
Twofish (v3.0.x)*
3DES (v3.0.x)
DES (v3.0.x) [SSH1 only]
RC4 (v3.0.x)*/**
*Not available when client is running in FIPS mode
**Removed support for Blowfish and RC4 as of v9.0
Please note: AES-256, AES-192 and AES-128 are CBC (cipher block chaining) ciphers.


You can employ the power of editing the Default session to enable any new ciphers in all of your existing and future sessions. Here are some links to a tip and a video that provide more details about using the Default session to make mass changes to multiple sessions:

https://www.vandyke.com/support/tips/defaultset.html
https://www.youtube.com/watch?v=5RbuZn9L48g