Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > File Transfer

Reply
 
Thread Tools Display Modes
  #1  
Old 10-02-2005, 06:50 PM
ErnieLongmire ErnieLongmire is offline
Registered User
 
Join Date: Nov 2004
Posts: 18
"No compatible key exchange method" in SecureFX 3.0.3 (build 879)

I saw this mentioned on the forums a few months ago but it was listed as a problem with a beta version. I'm seeing it in 3.0.3. Here's my setup:

SecureFX 3.0.3
SecureCRT 5.0.3

In SecureFX, I create a new session as follows:

SecureCRT Protocol: None [also tried SSH2 with same results]
SecureFX Protocol: SFTP
Hostname: <hostname>
Port: 22
Firewall: none
Username: <username>

I try to connect this session and get the following response:

Code:
i Session 00004 established for session <session name>
i SecureFX version 3.0.3.879 (Official Release - September 8, 2005)
i Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT.
i Using protocol SSH2
i RECV : Remote Identifier = "SSH-1.99-OpenSSH_3.7p1"
i CAP  : Remote can re-key
i CAP  : Remote sends language in password change requests
i CAP  : Remote sends algorithm name in PK_OK packets
i CAP  : Remote sends algorithm name in public key packets
i CAP  : Remote sends algorithm name in signatures
i CAP  : Remote sends error text in open failure packets
i CAP  : Remote sends name in service accept packets
i CAP  : Remote includes port number in x11 open packets
i CAP  : Remote uses 160 bit keys for SHA1 MAC
i CAP  : Remote supports new diffie-hellman group exchange messages
i CAP  : Remote correctly handles unknown SFTP extensions
i CAP  : Remote correctly encodes OID for gssapi
i CAP  : Remote correctly uses connected addresses in forwarded-tcpip requests
i SEND : KEXINIT
i RECV : Read kexinit
i Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE.
i Available Remote Kex Methods = diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
i Selected Kex Method = 
i Available Remote Host Key Algos = ssh-rsa,ssh-dss
i Selected Host Key Algo = ssh-dss
i Available Remote Send Ciphers = aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
i Selected Send Cipher = aes256-cbc
i Available Remote Recv Ciphers = aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
i Selected Recv Cipher = aes256-cbc
i Available Remote Send Macs = hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
i Selected Send Mac = hmac-sha1
i Available Remote Recv Macs = hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
i Selected Recv Mac = hmac-sha1
i Available Remote Compressors = none,zlib
i Selected Compressor = zlib
i Available Remote Decompressors = none,zlib
i Selected Decompressor = zlib
i SEND: Disconnect packet: SSH2_E_KEYEXCHANGE_FAILED 
i Changing state from STATE_KEY_EXCHANGE to STATE_SEND_DISCONNECT.
i RECV: TCP/IP close
i Changing state from STATE_SEND_DISCONNECT to STATE_CLOSED.
i Connected for 0 seconds, 445 bytes sent, 654 bytes received
I also get a SecureFX dialog that reads "No compatible key exchange method. The server supports these methods: diffie-helman-group,diffie-hellman".

I don't have any problem connecting to the remote host using the command-line sftp client that comes with OpenSSH 4.1p1-1 on Cygwin.

Any help would be appreciated.
Reply With Quote
  #2  
Old 10-03-2005, 01:12 PM
bocks's Avatar
bocks bocks is offline
VanDyke Customer Support
 
Join Date: Jan 2004
Location: Albuquerque, NM
Posts: 184
Hello ErnieLongmire,
Quote:
Originally Posted by ErnieLongmire
I saw this mentioned on the forums a few months ago but it was listed as a problem with a beta version. I'm seeing it in 3.0.3. Here's my setup:

SecureFX 3.0.3
SecureCRT 5.0.3

In SecureFX, I create a new session as follows:

SecureCRT Protocol: None [also tried SSH2 with same results]
SecureFX Protocol: SFTP
Hostname: <hostname>
Port: 22
Firewall: none
Username: <username>

I try to connect this session and get the following response:

I also get a SecureFX dialog that reads "No compatible key exchange method. The server supports these methods: diffie-helman-group,diffie-hellman".

I don't have any problem connecting to the remote host using the command-line sftp client that comes with OpenSSH 4.1p1-1 on Cygwin.

Any help would be appreciated.
I am going to need some additional information in order to determine why SecureFX is unable to connect tothe server.

Both SecureCRT and SecureFX store their session information in .ini files. These files are stored in the Config folder in the user's profile. To find out the exact location, look in the Options / Global Options menu under the General category you will see a section labeled "Configuration folder". In this folder you will see a folder called Sessions. This is where all of the session .ini files are stored.

You will see a .ini file for each session. Locate the .ini file that is associated with the session that is having the connection problems. These files are plain text, so you can open them in Notepad, but you will need to make sure that all instances of SecureCRT or SecureFX are shut down before doing so.

In the session that is having the problem, look for a line that looks something like this:
Code:
S:"Key Exchange Algorithms"=diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Can you post the line from your session .ini file that corresponds to this line?

Thanks,

-bocks
Reply With Quote
  #3  
Old 10-04-2005, 09:38 AM
ErnieLongmire ErnieLongmire is offline
Registered User
 
Join Date: Nov 2004
Posts: 18
Bocks --

All of the sessions I'm having problems with have the following Key Exchange Algorithms setting:

S:"Key Exchange Algorithms"=rsa-ssh1

A couple of older sessions have:

S:"Key Exchange Algorithms"=diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

but those are all SSH2-only sessions created in SecureCRT, not SFTP sessions created in SecureFX.
Reply With Quote
  #4  
Old 10-04-2005, 01:10 PM
bocks's Avatar
bocks bocks is offline
VanDyke Customer Support
 
Join Date: Jan 2004
Location: Albuquerque, NM
Posts: 184
Hi ErnieLongmire,
Quote:
Originally Posted by ErnieLongmire
Bocks --

All of the sessions I'm having problems with have the following Key Exchange Algorithms setting:

S:"Key Exchange Algorithms"=rsa-ssh1

A couple of older sessions have:

S:"Key Exchange Algorithms"=diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

but those are all SSH2-only sessions created in SecureCRT, not SFTP sessions created in SecureFX.
We have had this problem reported to us a couple of times now. WHat we have been able to determine is that the problem is arising from a change in the session .ini files. In the session .ini files that are affected, it seems that three entries are affected. The Key Exchange Algorithms, GEX Min. size, and GEX Max size settings are incorrect.

In the session and Default .ini files, please look for the following lines and ensure that they match these settings:
Code:
S:"Key Exchange Algorithms"=diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
D:"GEX Minimum Size"=00000400
D:"GEX Preferred Size"=000007fe
Again, please make sure that all SecureCRT and SecureFX instances are shut down prior to making the changes, as they can overwrite any changes when a session is closed.

Once the changes are made, start SecureCRT of SecureFX and see if the same behavior returns. Can you tell me if you are able to connect successfully?

These settings will hold true for both SecureCRT andSecureFX sessions, as they use the same file format for session information, and SFTP usesrelies on the SSH2 protocol to establish the connection and act as a transport layer.


Thanks,

-bocks
Reply With Quote
  #5  
Old 10-05-2005, 09:42 AM
ErnieLongmire ErnieLongmire is offline
Registered User
 
Join Date: Nov 2004
Posts: 18
Smile

That fixed it -- thanks, bocks.
Reply With Quote
  #6  
Old 10-23-2005, 10:59 AM
antarex antarex is offline
Registered User
 
Join Date: Oct 2005
Posts: 2
I have the same problem (SecrureCRT 5.0.3) : when i create a new SSH2 session, the default settings is :
S:"Key Exchange Algorithms"=rsa-ssh1
With this settings i cannot connect to any server, i need to manualy edit the ini file to define correctly
S:"Key Exchange Algorithms"=diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
to be able to connect...

Is it a way to fix this bug directly in te interface without editing manualy every newly created session ?
Reply With Quote
  #7  
Old 10-25-2005, 08:40 AM
tnygren's Avatar
tnygren tnygren is offline
Registered User
 
Join Date: May 2005
Posts: 1,408
Hi Antarex,

There is a way to modify these settings so that all future sessions do not have this issue.

It appears that the Default.ini file in the 'Sessions' folder may have this line incorrect.

The Default.ini file determines the initial settings for all new sessions.

Does modifying this file fix the missing information in future sessions?
__________________
Thanks,

Teresa

Teresa Nygren
Reply With Quote
  #8  
Old 10-25-2005, 08:58 AM
antarex antarex is offline
Registered User
 
Join Date: Oct 2005
Posts: 2
Yes it seems that new session are now correctly defined, thanks.
Reply With Quote
  #9  
Old 10-26-2005, 08:18 AM
tnygren's Avatar
tnygren tnygren is offline
Registered User
 
Join Date: May 2005
Posts: 1,408
Hi Antarex,

I'm glad to hear that the new sessions are fine now!

Please let us know if anything changes.
__________________
Thanks,

Teresa

Teresa Nygren
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 06:24 AM.