Re: RSEG1066 Negotiation Failed [message #1850691 is a reply to message #1850684]
Mon, 14 March 2022 15:05
Thomas Wolf
Registered: August 2016
Andrea Ciullo wrote on Mon, 14 March 2022 10:24:
> "Failed to connect sshd on "[ip addr]"
> Algorithm negotiation fail
> I tried ssh connection directly with commands on terminals, and it works perfectly.
> Any suggestions which could be the problem?

What SSH daemon is running on the remote end? My first guess at a possible cause would be the deprecation of the ssh-rsa SHA1-based signature algorithm.
Modern OpenSSH daemons have it disabled and require the SHA-2 signature algorithms rsa-sha2-256 or rsa-sha2-512.
I think RSE uses the JSch Java SSH library, which does not support rsa-sha2-256 or rsa-sha2-512.
If that is indeed the problem: possible work-arounds or solutions, in increasing order of difficulty, but also increasing likelihood to actually resolve the problem:
- If RSE has a way to use an external SSH executable instead of a Java library, configure it to use that external SSH executable. Otherwise:
- Do not use an RSA key for authentication. Use an ECDSA256 key.
- If that doesn't help, remove a possibly stored RSA host key from ~/.ssh/known_hosts and try again and hope the server offers a non-RSA host key.
- If that still doesn't work, try to use the JSch fork. That fork does implement the SHA-2 RSA signature algorithms. It claims to be a drop-in replacement for JSch 0.1.55, but I don't know if it's OSGi-fied. If not, you may have to re-bundle it.
- Rewrite RSE not to use com.jcraft.jsch at all but org.apache.sshd. That will work for sure (EGit/JGit uses Apache MINA sshd) but it may be (well, will be) a lot of work.