
#8488 closed enhancement (fixed)

Support for key exchange algorithm diffie-hellman-group-exchange-sha256

Reported by: zepi
Owned by: dkocher
Priority: normal
Milestone: 4.8
Component: sftp
Version: 4.6.1
Severity: normal
Keywords: ssh, cipher, kex
Cc:
Architecture: Intel
Platform: Mac OS X 10.10

Description (last modified by zepi)

After the latest Snowden leaks, it seems that default OpenSSH settings are no longer acceptable for secure communication. See:

Having the following lines in sshd_config on the server side prevents Cyberduck from connecting, with an error message:

Connection Failed

Unable to reach a settlement: [diffie-hellman-group14-sha1, diffie-hellman-group1-sha1] and [, diffie-hellman-group-exchange-sha256]. The connection attempt was rejected. The server may be down, or your network may not be properly configured

I get no entries in the log drawer.

Sshd config on server side:


At least by the look of it, diffie-hellman-group-exchange-sha256 and are enabled in these kex settings, so my guess is that the incompatibility is due either to a lack of appropriate ciphers or to a bug in the kex implementation.

I'm connecting to OpenSSH_6.6.1p1 Debian-4~bpo70+1, OpenSSL 1.0.1e 13

Change History (15)

comment:1 Changed on Jan 14, 2015 at 9:09:49 PM by dkocher

Can you verify that the connection also fails using the latest snapshot build available?

comment:2 Changed on Jan 15, 2015 at 8:42:29 AM by dkocher

  • Description modified (diff)

comment:3 Changed on Jan 15, 2015 at 9:11:40 AM by zepi

  • Description modified (diff)

I checked with the latest Version 4.7 (16463) and it fails with the same error message.

For example, my OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 that is integrated with OS X works without a hitch.

comment:4 Changed on Jan 15, 2015 at 9:46:37 AM by dkocher

  • Milestone set to 4.7
  • Status changed from new to assigned

comment:5 Changed on Jan 15, 2015 at 1:05:31 PM by dkocher

The negotiation fails because we find no matching key exchange algorithm. We currently support diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1.

comment:6 Changed on Jan 15, 2015 at 1:18:33 PM by dkocher

  • Summary changed from Connection failed to hardened SSH-server to No support for key exchange algorithm diffie-hellman-group-exchange-sha256
  • Type changed from defect to enhancement

comment:7 Changed on Jan 15, 2015 at 7:01:35 PM by offenbach

my findings
Cyberduck does not yet provide the HMAC and key-exchange algorithms that are required to access SSH servers that have been configured following the mentioned blog entry.

longer description
My SSH server is hardened the same way. I checked with 4.7 and had no luck connecting. The first error was "no matching mac found":

no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256,hmac-sha2-512 server,,, [preauth]

I re-enabled "hmac-sha2-512" in sshd settings /etc/ssh/sshd_config:


Now sshd complains about not being able to agree upon a key exchange method:

debug2: kex_parse_kexinit:,diffie-hellman-group-exchange-sha256 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit:,,,aes256-ctr,aes192-ctr,aes128-ctr [preauth]
debug2: kex_parse_kexinit:,,,,hmac-sha2-512 [preauth]
debug2: kex_parse_kexinit: none, [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256,ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256,hmac-sha2-512 [preauth]
debug2: kex_parse_kexinit:,zlib,none [preauth]
debug2: mac_setup: setup hmac-sha2-512 [preauth]
debug2: kex: client->server aes128-ctr hmac-sha2-512 [preauth]
Unable to negotiate a key exchange method [preauth]

Cyberduck does not provide the hardened key exchange methods "" nor "diffie-hellman-group-exchange-sha256". So if you want to connect to your SSH server, you need to use a less secure key exchange method. Fortunately Cyberduck's error dialog reveals possible algorithms. I choose "diffie-hellman-group14-sha1". So tweak your SSH settings in case you need to access your server with Cyberduck:
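
Added example, not part of the comment above and not Cyberduck or sshj code: the first-match rule of RFC 4253 section 7.1 applied to the name-lists in the sshd output quoted in this comment, showing that the key exchange slot is the only one of the fully visible lists without a common algorithm. Names missing from the page stay missing (empty entries are dropped), the reading of the log as five server lines followed by five client lines is an assumption, and the RFC's extra conditions on key exchange and host key selection are not modelled.

```python
# Added example: RFC 4253 section 7.1 first-match negotiation over the
# kex_parse_kexinit lines quoted in comment 7 of this ticket.
SLOTS = ["kex", "hostkey", "cipher", "mac", "compression"]

# Copied from the quoted sshd output; empty entries are names absent from the page.
SSHD_LOG = """\
debug2: kex_parse_kexinit:,diffie-hellman-group-exchange-sha256 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit:,,,aes256-ctr,aes192-ctr,aes128-ctr [preauth]
debug2: kex_parse_kexinit:,,,,hmac-sha2-512 [preauth]
debug2: kex_parse_kexinit: none, [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256,ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256,hmac-sha2-512 [preauth]
debug2: kex_parse_kexinit:,zlib,none [preauth]
"""

def parse_proposals(log):
    """Return (server, client) dicts mapping slot -> ordered name-list."""
    lists = []
    for line in log.splitlines():
        if "kex_parse_kexinit:" not in line:
            continue
        body = line.split("kex_parse_kexinit:", 1)[1].replace("[preauth]", "")
        lists.append([n.strip() for n in body.split(",") if n.strip()])
    n = len(SLOTS)
    # Assumption: sshd logs its own proposal first, then the peer's.
    return dict(zip(SLOTS, lists[:n])), dict(zip(SLOTS, lists[n:2 * n]))

def negotiate(client, server):
    """Per slot: first name on the client's list that the server also offers."""
    return {slot: next((a for a in client[slot] if a in server[slot]), None)
            for slot in SLOTS}

def with_server_kex(server, name):
    """Copy of the server proposal with one more key exchange name appended."""
    patched = dict(server)
    patched["kex"] = server["kex"] + [name]
    return patched

SERVER, CLIENT = parse_proposals(SSHD_LOG)
RESULT = negotiate(CLIENT, SERVER)
FAILED = [slot for slot, algo in RESULT.items() if algo is None]

if __name__ == "__main__":
    # The compression lists have entries missing on both sides, so that slot is indicative only.
    print(RESULT, FAILED)
```

`with_server_kex(SERVER, "diffie-hellman-group14-sha1")` models the server-side change the comment describes; negotiating against it yields that algorithm for the key exchange slot.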


comment:8 Changed on Jan 27, 2015 at 10:14:44 AM by dkocher

  • Summary changed from No support for key exchange algorithm diffie-hellman-group-exchange-sha256 to Support for key exchange algorithm diffie-hellman-group-exchange-sha256

comment:9 Changed on Jan 27, 2015 at 10:15:04 AM by dkocher

See also #8528.

comment:10 Changed on Feb 6, 2015 at 5:28:31 PM by lbort

  • Cc added

comment:11 Changed on Feb 20, 2015 at 2:25:37 PM by dkocher

  • Milestone 4.7 deleted

comment:12 Changed on Apr 10, 2015 at 11:27:00 AM by andreas hubel

  • Cc added

Any updates on this issue?

comment:13 Changed on May 20, 2015 at 12:28:05 PM by dkocher

Referencing sshj#167.

comment:14 Changed on Oct 29, 2015 at 1:03:32 PM by dkocher

Upstream fix.

comment:15 Changed on Oct 29, 2015 at 1:11:04 PM by dkocher

  • Milestone set to 4.8
  • Resolution set to fixed
  • Status changed from assigned to closed

In r18434.
