VanDyke Software Forums

VanDyke Software Forums (https://forums.vandyke.com/index.php)
-   Secure Shell (https://forums.vandyke.com/forumdisplay.php?f=15)
-   -   No compatible key exchange method (https://forums.vandyke.com/showthread.php?t=13086)

malick.mbaye 04-15-2018 02:22 PM

No compatible key exchange method
 
Hello,
I can't connect to Wallix server by SSH because have got the message below:

"Key exchange failed.
No compatible key exchange method. The server supports these methods: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
No compatible MAC. The server supports these MACs: hmac-sha2-256,hmac-sha2-512"

I went to Session Setting but have seen that those protocols above are not used by my SecureCRT.



Is there a way to implement it mannualy on SecureCRT or do you know any other options i can modify for making it works?
Thanks for help.

bgagnon 04-16-2018 07:34 AM

Hi malick.mbaye,

What version of SecureCRT are you using?

Quote:

I went to Session Setting but have seen that those protocols above are not used by my SecureCRT.
They are not protocols, so I am not sure if you were looking in the right places.

Quote:

No compatible key exchange method. The server supports these methods: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Support for the latter one was added in v7.3:

Changes in SecureCRT 7.3 (Beta 3) -- September 9, 2014
------------------------------------------------------

  • Added support for diffie-hellman-group-exchange-sha256 key-exchange algorithm.
Support for curve25519 is a feature request:

I have added this thread to a feature request in our product enhancement database to implement curve25519-sha256 and curve25519-sha256@libssh.org key exchange algo. Should a future release of SecureCRT include this feature, notification will be posted here.

If you prefer direct email notification, send an email to support@vandyke.com and include "Feature Request - Forum Thread #13086" in the subject line or use this form from the support page of our website.

If using v7.3.x or later, you should be able to enable diffie-hellman-group-exchange-sha256 in the Connection / SSH2 category of Session Options (in the key exchange grouping).


Quote:

No compatible MAC. The server supports these MACs: hmac-sha2-256,hmac-sha2-512"
Support for these MACs was added in v7.2:

Changes in SecureCRT 7.2 (Beta 1) -- October 8, 2013 (7.2.0.359)
----------------------------------------------------
  • SSH2: Added support for SHA-2 MAC algorithms.
If using v7.2.x or later (but of course you need v7.3 for the above), you should be able to enable SHA2 MACs in the Connection / SSH2 / Advanced category of Session Options (in the MAC grouping). It is recommended that SHA2-256 be higher in the list than SHA2-512 because some servers don't properly implement the 512 version.

johnpoz 09-11-2018 09:20 AM

Running 8.5 of securecrt and sill no love for KEX
curve25519-sha256@libssh.org

Any possible private beta with support for this KEX?

ekoranyi 09-11-2018 09:44 AM

Hi johnpoz,

I have recorded your interest in our database of SecureCRT feature requests so that the product director can evaluate it for possible inclusion in a future release. Due to export restrictions, we are required to submit a request to the Federal Government before support for curve25519-sha256@libssh.org can be added to our products. At this time, we don't know how long this process will take..

Should a version of SecureCRT become available with this feature, we will be sure to let you know.

bgagnon 11-26-2018 03:32 PM

Hi all,

Our developers have implemented support for the curve25519-sha256 key exchange algorithm (known by two names, curve25519-sha256 and curve25519-sha256@libssh.org, it's the same algorithm in both cases).

If you would like us to make this pre-release build available to you, please contact support@vandyke.com and include "Curve25519 feature request" (or similar) in the subject line. If writing us from an email address other than that associated with your VanDyke Software download account, then please indicate in the body of the email what email address is associated with your download account. :)


All times are GMT -6. The time now is 02:29 PM.