DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:date:message-id:subject:from:to
	:content-type; q=dns; s=default; b=cb8ECu+th744ap8kkti/qIX1bH5P2
	8bdmL3Dfvc40XNHG12jHxyLNjqEb+L7+fe53fNz8CFJEn7X96rn+S+fGIpNvHEyW
	LLSK2DRcF645nbYBNu/HDcebeeaU9w3sQDtP8B4St6YuQfiPHybCE0c6+7KWvXUO
	TPjObW78QMvAzA=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
MIME-Version: 1.0
Date: Thu, 30 Oct 2014 13:59:17 -0700
Message-ID: <CAHDNAGKke5+yybC-x+UTkkv_QT6henbP-==29v_OTeeE4My0rw@mail.gmail.com>
Subject: SSH session failing with latest cygwin/openssh version 1.7.32(0.274/5/3)
From: Prakash Babu <jprakashbabu31 AT gmail DOT com>
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset=UTF-8

SSH Server: I have installed cygwin 1.7.32 and configure sshd on my
windows host.
SSH Client  : I use jsch-0.1.51.jar (latest) as my ssh client

When I try to establish an ssh session I get the following failure message.
Exception Algorithm negotiation fail

The following is my ssh client and server logs with debug option enabled.
Has the OpenSSH server version shipped with cygwin changed recently ?
Can someone suggest a workaround to get passed this issue ?


SSH client logs.
=============
JSCH LOG:INFO:  : Remote version string: SSH-2.0-OpenSSH_6.7
JSCH LOG:INFO:  : Local version string: SSH-2.0-JSCH-0.1.51
JSCH LOG:INFO:  : CheckCiphers:
aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
JSCH LOG:INFO:  : aes256-cbc is not available.
JSCH LOG:INFO:  : aes192-cbc is not available.
JSCH LOG:INFO:  : CheckKexes: diffie-hellman-group14-sha1
JSCH LOG:INFO:  : diffie-hellman-group14-sha1 is not available.
JSCH LOG:INFO:  : SSH_MSG_KEXINIT sent
JSCH LOG:INFO:  : SSH_MSG_KEXINIT received
JSCH LOG:INFO:  : kex: server:
curve25519-sha256 AT libssh DOT org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
JSCH LOG:INFO:  : kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
JSCH LOG:INFO:  : kex: server:
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm AT openssh DOT com,aes256-gcm AT openssh DOT com,chacha20-poly1305 AT openssh DOT com
JSCH LOG:INFO:  : kex: server:
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm AT openssh DOT com,aes256-gcm AT openssh DOT com,chacha20-poly1305 AT openssh DOT com
JSCH LOG:INFO:  : kex: server:
umac-64-etm AT openssh DOT com,umac-128-etm AT openssh DOT com,hmac-sha2-256-etm AT openssh DOT com,hmac-sha2-512-etm AT openssh DOT com,hmac-sha1-etm AT openssh DOT com,umac-64 AT openssh DOT com,umac-128 AT openssh DOT com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
JSCH LOG:INFO:  : kex: server:
umac-64-etm AT openssh DOT com,umac-128-etm AT openssh DOT com,hmac-sha2-256-etm AT openssh DOT com,hmac-sha2-512-etm AT openssh DOT com,hmac-sha1-etm AT openssh DOT com,umac-64 AT openssh DOT com,umac-128 AT openssh DOT com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
JSCH LOG:INFO:  : kex: server: none,zlib AT openssh DOT com
JSCH LOG:INFO:  : kex: server: none,zlib AT openssh DOT com
JSCH LOG:INFO:  : kex: server:
JSCH LOG:INFO:  : kex: server:
JSCH LOG:INFO:  : kex: client:
diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
JSCH LOG:INFO:  : kex: client: ssh-rsa,ssh-dss
JSCH LOG:INFO:  : kex: client:
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
JSCH LOG:INFO:  : kex: client:
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
JSCH LOG:INFO:  : kex: client:
hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
JSCH LOG:INFO:  : kex: client:
hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
JSCH LOG:INFO:  : kex: client: none
JSCH LOG:INFO:  : kex: client: none
JSCH LOG:INFO:  : kex: client:
JSCH LOG:INFO:  : kex: client:
JSCH LOG:INFO:  : Disconnecting from xxx.xxx.com port 22
Exception Algorithm negotiation fail
com.jcraft.jsch.JSchException: Algorithm negotiation fail


SSH Server logs
==============
debug1: Client protocol version 2.0; client software version JSCH-0.1.51
debug1: no match: JSCH-0.1.51
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 3664
debug3: preauth child monitor started
debug1: list_hostkey_types:
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit:
curve25519-sha256 AT libssh DOT org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-
group14-sha1 [preauth]
debug2: kex_parse_kexinit:
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm AT openssh DOT com,aes256-gcm AT openssh DOT com,chacha20-poly1305 AT openssh DOT com
[preauth]
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm AT openssh DOT com,aes256-gcm AT openssh DOT com,chacha20-poly1305 AT openssh DOT com
[preauth]
debug2: kex_parse_kexinit:
umac-64-etm AT openssh DOT com,umac-128-etm AT openssh DOT com,hmac-sha2-256-etm AT openssh DOT com,hmac-sha2-512-etm AT openssh DOT com,hmac-sha1-etm AT openssh DOT com,uma
c-64 AT openssh DOT com,umac-128 AT openssh DOT com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
debug2: kex_parse_kexinit:
umac-64-etm AT openssh DOT com,umac-128-etm AT openssh DOT com,hmac-sha2-256-etm AT openssh DOT com,hmac-sha2-512-etm AT openssh DOT com,hmac-sha1-etm AT openssh DOT com,uma
c-64 AT openssh DOT com,umac-128 AT openssh DOT com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
debug2: kex_parse_kexinit: none,zlib AT openssh DOT com [preauth]
debug2: kex_parse_kexinit: none,zlib AT openssh DOT com [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: kex_parse_kexinit:
diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
[preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit:
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc [preauth]
debug2: kex_parse_kexinit:
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc [preauth]
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: mac_setup: setup hmac-sha1 [preauth]
debug1: kex: client->server aes128-ctr hmac-sha1 none [preauth]
debug2: mac_setup: setup hmac-sha1 [preauth]
debug1: kex: server->client aes128-ctr hmac-sha1 none [preauth]
Unable to negotiate a key exchange method [preauth]

thanks,
Prakash

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple