View Single Post
Old 10-02-2018, 01:59 PM
bgagnon bgagnon is offline
VanDyke Technical Support
Join Date: Oct 2008
Posts: 4,207
Question FAQ: What causes the "No compatible cipher" error in SecureCRT?

If you are getting some form of the below error in SecureCRT:
Key exchange failed.
No compatible cipher.
The server supports these ciphers: ChaCha20-Poly1305,AES-128-CTR,AES-192-CTR,AES-256-CTR,AES-128-GCM,AES-256-GCM

You can turn on Trace Options output (File menu) and find this info:
[LOCAL] : Available Remote Send Ciphers =,aes128-ctr,aes192-ctr,aes256-ctr,,
[LOCAL] : Selected Send Cipher = aes256-ctr 
[LOCAL] : Available Remote Recv Ciphers =,aes128-ctr,aes192-ctr,aes256-ctr,,
[LOCAL] : Selected Recv Cipher = aes256-ctr

Ciphers: The "Available" lists what the remote is advertising it supports. SecureCRT will try its listed cipher methods (in the Connection / SSH2 / Advanced category of Session Options) in order. The list can be reordered using the Up/Down arrow buttons next to the list.
As of version 8.5.1, current Ciphers supported are (with version when support was first added):
ChaCha20-Poly1305 (v8.3.x)
AES-256-GCM (v8.3.x)
AES-128-GCM (v8.3.x)
AES-256-CTR (v6.1.x)
AES-192-CTR (v6.1.x)
AES-128-CTR (v6.1.x)
AES-256 (v3.3.x)
AES-192 (v3.3.x)
AES-128 (v3.3.x)
Blowfish (v3.0.x)
Twofish (v3.0.x)
3DES (v3.0.x)
DES (v3.0.x)
RC4 (v3.0.x)

Please note: AES-256, AES-192 and AES-128 are CBC (cipher block chaining) ciphers.

You can employ the power of editing the Default session to enable any new ciphers in all of your existing and future sessions. Here are some links to a tip and a video that provide more details about using the Default session to make mass changes to multiple sessions:
Attached Images
File Type: png SCRT851_altered_Cipher_category.png (43.9 KB, 5451 views)
File Type: png key_ex_cipher_error_in_SecureCRT.png (29.0 KB, 5315 views)

VanDyke Software
Technical Support
(505) 332-5730

Last edited by bgagnon; 03-04-2020 at 07:44 AM. Reason: Clarified AES CBC