Cyberduck Mountain Duck CLI

#9947 closed defect (thirdparty)

Unable to reach a settlement for key exchange

Reported by: ScottStearns Owned by: dkocher
Priority: normal Milestone: 6.0.1
Component: sftp Version: 6.0
Severity: normal Keywords:
Cc: Architecture:
Platform: Mac OS X 10.7

Description (last modified by dkocher)

This is happening with two SFTP accounts. Both worked fine for many months and as recently as last week.

No settings have been changed. Both accounts can be accessed normally, with no issues, using other FTP client apps. With CyberDuck I receive this error message:

Unable to reach a settlement: [diffie-hellman-group14-sha1, diffie-hellman-group1-sha1] and [diffie-hellaman-group-exchange-sha256]. The connection attempt was rejected. The server may be down, or your network may not be properly configured.

Note: I don't know who diffie-hellman-group is. These don't appear to be certificates for me or my hosts.

I did contact the hosting provider. It was established that normal connection is possible by using other FTP clients.

Thank you.

Change History (7)

comment:1 Changed on May 18, 2017 at 7:31:17 PM by dkocher

  • Component changed from core to sftp
  • Description modified (diff)
  • Owner set to dkocher

comment:2 Changed on May 18, 2017 at 9:00:12 PM by dkocher

  • Summary changed from Unable to Connect to SFTP to Unable to reach a settlement for key exchange

comment:3 follow-up: Changed on May 18, 2017 at 9:01:26 PM by dkocher

  • Milestone set to 6.0.1
  • Resolution set to thirdparty
  • Status changed from new to closed

It looks like the server responds with spelling error in the proposed key exchange algorithm. It should be diffie-hellman-group-exchange-sha256 but not diffie-hellaman-group-exchange-sha256. Therefore the negotiation of the key exchange algorithm fails.

comment:4 in reply to: ↑ 3 ; follow-up: Changed on May 18, 2017 at 9:07:32 PM by ScottStearns

Replying to dkocher:

It looks like the server responds with spelling error in the proposed key exchange algorithm. It should be diffie-hellman-group-exchange-sha256 but not diffie-hellaman-group-exchange-sha256. Therefore the negotiation of the key exchange algorithm fails.

Thank you for investigating this. Do you know the cause or the solution yet?

comment:5 in reply to: ↑ 4 Changed on May 19, 2017 at 12:33:11 AM by dkocher

Replying to ScottStearns:

Replying to dkocher:

It looks like the server responds with spelling error in the proposed key exchange algorithm. It should be diffie-hellman-group-exchange-sha256 but not diffie-hellaman-group-exchange-sha256. Therefore the negotiation of the key exchange algorithm fails.

Thank you for investigating this. Do you know the cause or the solution yet?

The cause looks to be a bug in the server software.

comment:6 Changed on May 19, 2017 at 5:13:11 PM by ScottStearns

  • Resolution thirdparty deleted
  • Status changed from closed to reopened

Thank you, which server? The problem persists when I attempt to use Cyberduck. The issue doesn't exist accessing the hosting server from FileZilla or via other means.

comment:7 Changed on May 23, 2017 at 10:06:59 AM by dkocher

  • Resolution set to thirdparty
  • Status changed from reopened to closed

The server of your SFTP account. Please contact the hosting service provider for a fix.

Note: See TracTickets for help on using tickets.
swiss made software