JSchException: Algorithm negotiation fail_问答_开发者

I am trying to connect to remote sftp server over ssh with JSch (0.1.44-1) but during session.connect(); I am getting this exception:

com.jcraft.jsch.JSchException: Algorithm negotiation fail at 
com.jcraft.jsch.Session.receive_kexinit(Session.java:529) at 
com.jcraft.jsch.Session.connect(Session.java:291) at com.jcraft.jsch.Session.connect(Session.java:154)
...

Logs from JSch:

INFO: Connecting to xx.xx.xx.xxport 22 
INFO: Connection established 
INFO: Remote version string: SSH-2.0-WeOnlyDo 2.0.6 
INFO: Local version string: SSH-2.0-JSCH-0.1.44 
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: aes256-ctr is not available. 
INFO: aes192-ctr is not available.
INFO: aes256-cbc is not available. 
INFO: aes192-cbc is not available.
INFO: arcfour256 is not available. 
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received 
INFO: Disconnecting from xx.xx.xx.xx port 22

I am able to log in to remote server with linux sftp command. I was trying to find any kind of clue in the internet but I failed.

Debug output from linux sftp command:

OpenSSH_5.5p1-DAM_1.2, OpenSSL 0.9.8r 8 Feb 201

debug1: Reading configuration data /etc/DAM/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for *.*
debug1: Connecting to xx.xx.xx.xx [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file /**/spv_id_rsa.key type -1
debug1: identity file /**/spv_id_rsa.key-cert type -1
debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.0.6
debug1: no match: WeOnlyDo 2.0.6
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1-DAM_1.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-cbc hmac-md5 none
debug1: kex: client->server aes256-cb开发者_StackOverflow中文版c hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'xx.xx.xx.xx' is known and matches the RSA host key.
debug1: Found key in ~/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /**/spv_id_rsa.key
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
Connected to xx.xx.xx.xx.
sftp>

There are a couple of places that SSH clients and servers try and agree on a common implementation. Two I know of are encryption and compression. The server and client produce a list of available options and then the best available option in both lists is chosen.

If there is no acceptable option in the lists then it fails with the error you got. I'm guessing from the debug output here but it looks like the only server options for encryption are "aes256-cbc hmac-md5 none".

JSch doesn't do hmac-md5 and aes256-cbc is disabled because of your Java policy files. Two things you could try are...

To increase the available encryption libraries on the server, install unrestricted policy files on your client, enabling aes256-cbc (make sure the message saying it is disabled goes away, those policy files are notoriously easy to install on the wrong JVM) from the site:

For JDK 1.6: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

For JDK 1.7: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

For JDK 1.8: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
or try and disable encryption.

The first is ideal if you have access to the server (trust me aes128-cbc is plenty of encryption), but the second is easy enough to quickly test out the theory.

Finally a solution that works without having to make any changes to the server:

Download the latest jsch.jar as Yvan suggests: http://sourceforge.net/projects/jsch/files/jsch.jar/ jsch-0.1.52.jar works fine
Place the downloaded file in your "...\JetBrains\PhpStorm 8.0.1\lib", and remove the existing jsch-file (for PHPStorm 8 it's jsch-0.1.50.jar)
Restart PHPStorm and it should work

Use the same solution for Webstorm

The complete steps to add the algorithms to the RECEIVING server (the one you are connecting to). I'm assuming this is a Linux server.

sudo /etc/ssh/sshd_config

Add this to the file (it can be at the end):

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

Then restart the SSH server:

sudo service sshd restart

FWIW, I had this same error message under JSch 0.1.50. Upgrading to 0.1.52 solved the problem.

As the jsch library seems not longer being maintained (last release was published in 2018), none of the above answer helped me to solve the issue.

I recently faced the same issue because the OpenSSH version on server was 8.8 which had said good bye to ssh-rsa algorithm. And if you search for "jsch ssh-rsa" probably you will also get this as the first result: https://www.matez.de/index.php/2020/06/22/the-future-of-jsch-without-ssh-rsa/.

As suggested on the blog post I applied the drop-in replacement and that worked without making any change in the source code. The only change that was required is to replace the com.jcraft:jsch dependency by com.github.mwiede:jsch.

Replace:

<dependency>
  <groupId>com.jcraft</groupId>
  <artifactId>jsch</artifactId>
  <version>0.1.55</version>
</dependency>

with:

<dependency>
  <groupId>com.github.mwiede</groupId>
  <artifactId>jsch</artifactId>
  <version>0.2.0</version>
</dependency>

Hope this will help future visitors.

Make sure that you're using the latest version of JSch. I had this exact same problem when using JSch 0.1.31 and trying to connect to a RedHat 5 server. Updating to the latest version solved the problem.

The issue is with the Version of JSCH jar you are using.

Update it to latest jar.

I was also getting the same error and this solution worked.

You can download latest jar from

http://www.jcraft.com/jsch/

I had the same issue, running Netbeans 8.0 on Windows, and JRE 1.7.

I just installed JRE 1.8 from https://www.java.com/fr/download/ (note that it's called Version 8 but it's version 1.8 when you install it), and it fixed it.

add KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha‌1 to your sshd_config on the server.

This worked, but make sure you restart sshd: sudo service sshd restart

The solution for me was to install the oracle unlimited JCE and install in JRE_HOME/lib/security. Then restarted glassfish and I was able to connect to my sftp server using jsch.

I updated jsch lib latest one (0.1.55). working fine for me. no need to restart the server or no need to update java(current using java8)

Upgrading Java 8 to u162 or above should help. From this version unlimited strength policy is enabled by default.