paramiko Incompatible ssh peer (no acceptable kex algorithm)

Developer https://www.devze.com 2023-04-02 16:40 Source: Internet

I'm getting the following error when trying to ssh to a Cisco ACS device using the paramiko library. I've used paramiko in python without issue, and I can ssh to this box from the command line, or using putty without issue. I've turned on debugging and copied the info here. Please let me know if you can help me out.

import paramiko
import sys
import socket

try:
    # Log paramiko's negotiation details at DEBUG level
    paramiko.common.logging.basicConfig(level=paramiko.common.DEBUG)
    sshConnection = paramiko.SSHClient()
    # AutoAddPolicy accepts unknown host keys without verification
    sshConnection.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    sshConnection.connect('server', username='username', password='password')
except paramiko.BadAuthenticationType:
    sys.stdout.write('Bad Password!\n')
    sys.exit()
except paramiko.SSHException as sshFail:
    # Raised for negotiation failures such as "no acceptable kex algorithm"
    sys.stdout.write('Connection Failed!\n')
    sys.stdout.write('%s\n' % sshFail)
    sys.exit()
except socket.error as socketFail:
    sys.stdout.write('Failed to open socket\n')
    sys.stdout.write('%s\n' % socketFail)
    sys.exit()

and the debug output returned:

DEBUG:paramiko.transport:starting thread (client mode): 0x14511d0L
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.3)
DEBUG:paramiko.transport:kex algos:['diffie-hellman-group14-sha1'] server key:['ssh-rsa'] client encrypt:['aes256-cbc', 'aes128-cbc', '3des-cbc'] server encrypt:['aes256-cbc', 'aes128-cbc', '3des-cbc'] client mac:['hmac-sha1'] server mac:['hmac-sha1'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
ERROR:paramiko.transport:Exception: Incompatible ssh peer (no acceptable kex algorithm)
ERROR:paramiko.transport:Traceback (most recent call last):
ERROR:paramiko.transport:  File "build\bdist.win32\egg\paramiko\transport.py", line 1546, in run
ERROR:paramiko.transport:    self._handler_table[ptype](self, m)
ERROR:paramiko.transport:  File "build\bdist.win32\egg\paramiko\transport.py", line 1618, in _negotiate_keys
ERROR:paramiko.transport:    self._parse_kex_init(m)
ERROR:paramiko.transport:  File "build\bdist.win32\egg\paramiko\transport.py", line 1731, in _parse_kex_init
ERROR:paramiko.transport:    raise SSHException('Incompatible ssh peer (no acceptable kex algorithm)')
ERROR:paramiko.transport:SSHException: Incompatible ssh peer (no acceptable kex algorithm)
ERROR:paramiko.transport:
Connection Failed!
Incompatible ssh peer (no acceptable kex algorithm)

I've made sure I have the most recent versions of pycrypto and paramiko installed.


I was having similar issue with Debian 8 and OpenSSH on the server side.

As a quick fix, the following Ciphers/MACs/KexAlgorithms settings on the server side fix the issue:

In /etc/ssh/sshd_config:

Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

Though... you should analyze those settings from the security point of view. I set it in lab env, so didn't take care about it.

Also not sure if you can modify it in this way for Cisco ACS.


I upgraded the paramiko to fix the problem:

sudo pip install paramiko --upgrade

My updated version of paramiko is:

paramiko==2.0.2


I was getting the following error when trying to ssh to an Aruba device using paramiko:

paramiko.ssh_exception.SSHException: Incompatible ssh peer (no acceptable kex algorithm)

Doing a paramiko upgrade resolved this issue:

sudo pip install paramiko --upgrade


In case anyone else is still having this issue even after upgrading using pip install paramiko --upgrade, be sure you don't have paramiko installed system-wide, because it will be loaded before the pip one. You can check it with dpkg -l | grep paramiko; if it's installed, remove it and install through pip.


For me, I upgraded the version of paramiko and it resolved things. Specifically, I originally installed paramiko via the Ubuntu 14.04 python-paramiko package and replaced it with the latest using pip (1.10 -> 1.16).


This may not help the OP's situation, but hopefully it may help someone else with the same error.

I ran into a situation where one script would SSH into a system just fine, but another similar script would fail with the same

paramiko.SSHException: Incompatible ssh peer (no acceptable kex algorithm)

error.

The situation turned out to be the shebang line at the top of my script:

#!/usr/bin/python

would fail, while

#!/usr/bin/env python

would succeed.

I'm using virtualenvs on my system, so the failing /usr/bin/python version was using the older Paramiko version installed on the system, whereas the /usr/bin/env python version was using the newer Paramiko installation in my virtualenv.


That error occurs when your version of paramiko does not support the key exchange algorithms used by the device you want to connect to.

>>> ssh.connect('10.119.94.8', 22, username="user",password='passwor')
>>> t = ssh.get_transport()
>>> so = t.get_security_options()
>>> so.kex
('diffie-hellman-group1-sha1', 'diffie-hellman-group-exchange-sha1')
>>> so.ciphers
('aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc', 'arcfour128', 'arcfour256')
>>> paramiko.__version__
'1.10.1'

In the paramiko logs you can see the key exchange algos of your connection.

DEB paramiko.transport: starting thread (client mode): 0x11897150L
INF paramiko.transport: Connected (version 2.0, client OpenSSH_7.2)
DEB paramiko.transport: kex algos:['diffie-hellman-group14-sha1', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384'] server key:['ssh-rsa'] client encrypt:['aes128-ctr', 'aes256-ctr'] server encrypt:['aes128-ctr', 'aes256-ctr'] client mac:['hmac-sha1'] server mac:['hmac-sha1'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
ERR paramiko.transport: Exception: Incompatible ssh peer (no acceptable kex algorithm)
ERR paramiko.transport: Traceback (most recent call last):
ERR paramiko.transport:     raise SSHException('Incompatible ssh peer (no acceptable kex algorithm)')
ERR paramiko.transport: SSHException: Incompatible ssh peer (no acceptable kex algorithm)

So I recommend upgrading to a recent paramiko version, for example 2.4.2 for 2018. This version supports sha1 and sha2 for key exchange algorithms.

>>> ssh.connect("hostdev",22,username="user",password="pass")
>>> transport1=ssh.get_transport()
>>> so=transport1.get_security_options()
>>> so.kex
('ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1')
>>> 
>>> so.ciphers
('aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-cbc', 'aes192-cbc', 'aes256-cbc', 'blowfish-cbc', '3des-cbc')
>>> 
>>> print paramiko.__version__
2.4.2
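
The mismatch described in this answer can be reproduced offline. The following is an added example, not part of the original answer and not paramiko's own code: it parses the `kex algos:` field from shortened copies of the two debug lines on this page and applies a simplified form of the SSH selection rule to the `so.kex` tuples shown above. The function names are hypothetical.

```python
import ast
import re

# Client kex lists copied from the so.kex output shown above, per paramiko version.
CLIENT_KEX = {
    "1.10.1": ("diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1"),
    "2.4.2": ("ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
              "diffie-hellman-group-exchange-sha256",
              "diffie-hellman-group-exchange-sha1",
              "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"),
}

# Debug lines from this page, shortened to the fields parsed here.
QUESTION_LOG = ("DEBUG:paramiko.transport:kex algos:['diffie-hellman-group14-sha1'] "
                "server key:['ssh-rsa'] client encrypt:['aes256-cbc', 'aes128-cbc']")
ANSWER_LOG = ("DEB paramiko.transport: kex algos:['diffie-hellman-group14-sha1', "
              "'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384'] server key:['ssh-rsa']")

_KEX_RE = re.compile(r"kex algos:(\[.*?\])")


def server_kex(log_line):
    """Return the server's offered kex algorithms from a paramiko debug line."""
    match = _KEX_RE.search(log_line)
    if match is None:
        raise ValueError("no 'kex algos:' field in log line")
    return ast.literal_eval(match.group(1))


def negotiate(client_algos, server_algos):
    """Simplified RFC 4253 rule: first client entry that the server also offers."""
    offered = set(server_algos)
    for name in client_algos:
        if name in offered:
            return name
    return None  # paramiko reports this case as "no acceptable kex algorithm"


def report(version, log_line):
    """Return (chosen algorithm or None, True if the chosen one is SHA-1 based)."""
    chosen = negotiate(CLIENT_KEX[version], server_kex(log_line))
    return chosen, bool(chosen) and chosen.endswith("-sha1")


if __name__ == "__main__":
    for version in CLIENT_KEX:
        for label, line in (("question", QUESTION_LOG), ("answer", ANSWER_LOG)):
            print(version, label, report(version, line))
```

Against the server in the question, the 2.4.2 list connects only by falling back to a SHA-1 based exchange, which is worth noting when reviewing what the device offers.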


I recently came across this as I updated my server from Ubuntu 20 to 22, and a different VPS provider. Manual SSH was fine, nothing had changed, but paramiko was breaking my scripts.

Locally, my python 3.8 venv had:

paramiko 2.8.1

At the usual call to connect:

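import paramiko  # needed for paramiko.AutoAddPolicy below
from paramiko import SSHClient
client = SSHClient()
client.load_system_host_keys()
# AutoAddPolicy accepts unknown host keys without verification
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(...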

I received:

paramiko.ssh_exception.SSHException: Incompatible ssh peer (no acceptable host key)

As Romaan said much earlier, all I needed was:

pip install --upgrade paramiko
...
Successfully installed paramiko-2.11.0

Just wanted to illustrate his helpful answer with my context to show it is still relevant.
