SSH error - no kex alg

Mac Elite
Join Date: Dec 2003
Not sure if this is the most appropriate forum, but MacNN seems to have done away with the Unix board and I figured you developer types would be smart cookies. I'm trying to enable remote login on my computer, and I did the standard System Prefs >> Sharing >> Check the little remote login box. The error, as far as I can tell, is not coming from SSH not being enabled, my firewall/router or anything. When I try to use SSH, I get this:
$ ssh -l user remotehost.com
no kex alg
Even if I go to that computer, "remotehost", and do
$ ssh -l user localhost
I get the same error. From what I can tell, no kex alg means no key-exchange algorithm but that doesn't... help me
Any thoughts?
(Last edited by Jaey; Sep 4, 2007 at 08:43 PM.)

Clinically Insane
Join Date: Mar 2001
Location: yes

Mac Elite
Join Date: Dec 2003
Code:
OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/user/.ssh/identity type 0
debug1: identity file /Users/user/.ssh/id_rsa type 1
debug1: identity file /Users/user/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: An invalid name was supplied
Configuration file does not specify default realm
debug1: An invalid name was supplied
Configuration file does not specify default realm
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
no kex alg
As you can see, I'm on the remotehost at this moment. I examined this verbose bit earlier, and, not really knowing anything, tried the -4 option to force IPv4, which did nothing at all except change ::1 to 127.0.0.1.

Clinically Insane
Join Date: Mar 2001
Location: yes
What machine are you trying to connect to? It is trying to connect to the machine you are on. Do you have any entries in /etc/hosts?

Mac Elite
Join Date: Dec 2003
Sorry it wasn't clear: I'm currently testing ssh on the machine I want to connect to. The above was from ssh -v user@localhost. I get the same error from a different client outside of my network, so I figured the problem was with this machine. cat /etc/hosts shows
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
EDIT: I realize that there was a typo in my first post. I meant to say that running ssh localhost on the remotehost machine gave the same error.

Clinically Insane
Join Date: Mar 2001
Location: yes
Can we see a ssh -v you@yourmachine from the machine you want to use to connect to your home computer?

Mac Elite
Join Date: Dec 2003
Code:
OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to remoteboxip [remoteboxip] port 22.
debug1: Connection established.
debug1: identity file /Users/user/.ssh/identity type -1
debug1: identity file /Users/user/.ssh/id_rsa type 1
debug1: identity file /Users/user/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: Miscellaneous failure
No credentials cache found
debug1: Miscellaneous failure
No credentials cache found
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
no kex alg

Clinically Insane
Join Date: Mar 2001
Location: yes
Have you altered your SSH config file? Can you do a:
Code:
sudo cat /etc/sshd_config
on your home computer, and:
Code:
sudo cat /etc/ssh_config
on your remote computer?
Have you changed any aspect of your configuration, particularly how you authenticate? I'm thinking that perhaps you disabled password authentication (which I'm assuming is what you want), and as a secondary form of authentication your remote machine is unable to offer its public key (or else the server is not configured to accept it).
Also, check to see if you have any files in:
on both machines...
Let us know if you have been playing around with any OpenSSH configuration options or can think of something else which might provide some context here.

Mac Elite
Join Date: Dec 2003
Thanks for your help (and patience), by the way. I have been messing with SSH on the computer that I want to connect to (I'll call it the server), but I didn't start until I saw that error. I was doing things like generating keys and the like. You're right in saying that I want password authentication, and it's entirely possible that I disabled it unwittingly.
I uploaded the contents of /etc/ssh_config to a cheap Tripod account because it seemed obnoxiously long.
"Server" computer (The one I'm connecting to)
"Client" computer (The one I'm connecting with)
On the client machine:
Code:
Client:~/.ssh user$ ls -a
. .. known_hosts
known_hosts does not happen to contain a key for my server computer, if that's of interest.
On the server machine:
Code:
Server:~/.ssh user$ ls -a
. authorized_keys2 identity.pub
.. id_rsa known_hosts
.DS_Store id_rsa.pub
authorized_keys identity
The server machine, as you can see, was the one I was messing around with. I can't remember editing any config files, though I'm sure at some point in the past I've modified /etc/hosts.

Clinically Insane
Join Date: Mar 2001
Location: yes
Jaey, I haven't looked at your SSH config files yet, but I can see that you have some RSA based public keys on the server. You'll want to get rid of those, as newer versions of OpenSSH create DSA keys. When you create your public/private key pair, you should do a:
Let me know if the problem still persists without those RSA based keys in there...

Clinically Insane
Join Date: Mar 2001
Location: yes
I don't see anything weird with your config files.. they are identical to mine.

Mac Elite
Join Date: Dec 2003
Originally Posted by besson3c
Let me know if the problem still persists without those RSA based keys in there...
It does

Clinically Insane
Join Date: Mar 2001
Location: yes
So, no public/private keys in your .ssh directory? Can you provide us the same ssh -v output from your remote machine like you did before? You might want to try simply blowing away your .ssh directories, or renaming them.

Fresh-Faced Recruit
Join Date: Sep 2007
This is interesting, as I just enabled the ssh server today on my MacBook. I too experienced the "no kex alg" messages when trying to ssh into the Mac.
I looked at /var/log/system.log and found these messages:
sshd[417]: error: Could not load host key: /etc/ssh_host_key
sshd[417]: error: Could not load host key: /etc/ssh_host_rsa_key
sshd[417]: error: Could not load host key: /etc/ssh_host_dsa_key
Sure enough, these keys were not present. On my Linux box, these files are automatically generated when the openssh server is installed, although they are placed one directory lower, in /etc/ssh.
So as root I ran "ssh-keygen -t rsa" and when prompted where to place the file, instead of the default (which is to name it /var/root/.ssh/id_[rsa|dsa]), I instead specified /etc/ssh_host_rsa.key (and likewise for dsa). Lo and behold, after this was done, I could remotely ssh into the MacBook.
The notebook is running OS X 10.4.10 with up-to-date software updates.
Hopefully this will work for you too . . .
Cheers,
Kevin
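
The check described in the post above, as an added example that is not part of the original thread: it pulls the host key paths sshd reported as unloadable out of log lines and prints an ssh-keygen command for each key still missing on disk. The function names, the sample timestamps and hostname, and the non-matching last log line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): turn sshd "Could not load host key"
# log lines into a list of ssh-keygen commands for keys missing on disk.

# Constructed sample in the format of the system.log lines quoted above;
# timestamps, hostname and the last line are made up.
SAMPLE_LOG='Sep  5 10:01:02 macbook sshd[417]: error: Could not load host key: /etc/ssh_host_key
Sep  5 10:01:02 macbook sshd[417]: error: Could not load host key: /etc/ssh_host_rsa_key
Sep  5 10:01:02 macbook sshd[417]: error: Could not load host key: /etc/ssh_host_dsa_key
Sep  5 10:01:09 macbook sshd[417]: Connection closed by 192.0.2.10'

# Read log lines on stdin; print each unloadable host key path once.
missing_host_keys() {
    sed -n 's/^.*sshd\[[0-9]*]: error: Could not load host key: \(.*\)$/\1/p' |
        sort -u
}

# Map a host key file name to its ssh-keygen -t value (OpenSSH 4.5 era;
# later OpenSSH releases dropped the rsa1 and dsa types).
key_type_for() {
    case "$(basename "$1")" in
        ssh_host_key)     echo rsa1 ;;  # SSH protocol 1 host key
        ssh_host_rsa_key) echo rsa ;;
        ssh_host_dsa_key) echo dsa ;;
        *)                return 1 ;;
    esac
}

# Print, without running, one ssh-keygen command per key that is still
# absent. $1 is an optional directory prefix for checking a scratch tree.
repair_plan() {
    root="${1:-}"
    missing_host_keys | while IFS= read -r path; do
        [ -e "$root$path" ] && continue          # key exists now: skip
        ktype=$(key_type_for "$path") ||
            { echo "# unrecognised key file: $path"; continue; }
        echo "ssh-keygen -t $ktype -N '' -f $path"
    done
}

# Review the printed commands, then run them as root on the server.
printf '%s\n' "$SAMPLE_LOG" | repair_plan
```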