||Thread Tools||Display Modes|
FAQ: What causes the "No compatible key-exchange method" error in SecureCRT?
If you are getting some form of the below error:
Key exchange failed.You can turn on Trace Options output (File menu) and find this info:
[LOCAL] : Available Remote Kex Methods = email@example.com,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [LOCAL] : Selected Kex Method = ecdh-sha2-nistp521
KEX or Key Exchange methods: In SecureCRT, configurable in the Connection / SSH2 category of Session Options.
As of version 8.7.3, the current Key Exchange algorithms supported are (with version when support was first added):
Kerberos (Group Exchange) (v3.0.x)*
*Not available when client is running in FIPS mode
Note that while diffie-hellman is still available, it was disabled as of v8.0 due to well-documented flaws in the algorithm associated with news surrounding the Logjam vulnerability. Many other SSH servers and clients have turned off default support for the diffie-hellman key exchange algorithm.
Changes in SecureCRT 8.0 (Beta 1) -- January 28, 2016 (22.214.171.1241)
You can employ the power of editing the Default session to enable any new key-exchange algorithms in all of your existing and future sessions. Here are some links to a tip and a video that provide more details about using the Default session to make mass changes to multiple sessions:
Note: In order for a "change" to be applied to all other sessions, the Default session's option/field you're targeting must actually be modified/different from its current value.
Last edited by bgagnon; 10-29-2020 at 08:09 AM. Reason: Update regarding three new methods in 8.7
|curve , debugging , diffie-hellman , ecdh , faq , kex , keyex , securecrt , securefx , troubleshooting|