VanDyke Software Forums

VanDyke Software Forums (https://forums.vandyke.com/index.php)
-   General (https://forums.vandyke.com/forumdisplay.php?f=11)
-   -   FAQ: What causes the "No compatible key-exchange method" error in SecureCRT? (https://forums.vandyke.com/showthread.php?t=13272)

bgagnon 10-02-2018 12:48 PM
FAQ: What causes the "No compatible key-exchange method" error in SecureCRT?
 
3 Attachment(s)
If you are getting some form of the below error:
Key exchange failed.
No compatible key-exchange method. The server supports these methods: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14

https://forums.vandyke.com/attachmen...achmentid=1603
You can turn on Trace Options output (File menu) and find this info:
Code:
[LOCAL] : Available Remote Kex Methods = curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
[LOCAL] : Selected Kex Method = ecdh-sha2-nistp521
https://forums.vandyke.com/attachmen...achmentid=1601

KEX or Key Exchange methods: In SecureCRT, configurable in the Connection / SSH2 category of Session Options.
https://forums.vandyke.com/attachmen...achmentid=1938
As of version 8.7.3, the current Key Exchange algorithms supported are (with version when support was first added):
diffie-hellman-group18-sha512 (v8.7.x)
diffie-hellman-group16-sha512 (v8.7.x)
diffie-hellman-group14-sha256 (v8.7.x)
curve25519-sha256 (v8.5.x)*
ecdh-sha2-nistp521 (v7.3.x)
ecdh-sha2-nistp384 (v7.3.x)
ecdh-sha2-nistp256 (v7.3.x)
diffie-hellman-group-exchange-sha256 (v7.3.x)
diffie-hellman-group14 (v5.0.x)
diffie-hellman-group (v3.0.x)
Kerberos (v3.0.x)*
Kerberos (Group Exchange) (v3.0.x)*
*Not available when client is running in FIPS mode
https://forums.vandyke.com/attachmen...achmentid=1601
Note that while diffie-hellman is still available, it was disabled as of v8.0 due to well-documented flaws in the algorithm associated with news surrounding the Logjam vulnerability. Many other SSH servers and clients have turned off default support for the diffie-hellman key exchange algorithm.

Changes in SecureCRT 8.0 (Beta 1) -- January 28, 2016 (8.0.0.1011)
-----------------------------------------------------------------------------------
Changes:
  • SSH2: The "diffie-hellman" key exchange algorithm is off for the default session. This change only affects new installations.
https://forums.vandyke.com/attachmen...achmentid=1601

You can employ the power of editing the Default session to enable any new key-exchange algorithms in all of your existing and future sessions. Here are some links to a tip and a video that provide more details about using the Default session to make mass changes to multiple sessions:
https://www.vandyke.com/support/tips/defaultset.html
https://www.youtube.com/watch?v=5RbuZn9L48g
Note: In order for a "change" to be applied to all other sessions, the Default session's option/field you're targeting must actually be modified/different from its current value.

bgagnon 11-28-2018 02:57 PM
Update
 
Hi All,

Good News!

Our developers have implemented support for the curve25519-sha256 key exchange algorithm (known by two names, curve25519-sha256 and curve25519-sha256@libssh.org, it's the same algorithm in both cases).

If you would like us to make this pre-release build available to you, please contact support@vandyke.com and include "Curve25519 feature request" (or similar) in the subject line. If writing us from an email address other than that associated with your VanDyke Software download account, then please indicate in the body of the email what email address is associated with your download account. :)


All times are GMT -6. The time now is 02:13 PM.