SSH error - no kex alg
Jaey
Mac Elite
Join Date: Dec 2003
Sep 4, 2007, 05:48 PM
 
Not sure if this is the most appropriate forum, but MacNN seems to have done away with the Unix board and I figured you developer types would be smart cookies. I'm trying to enable remote login on my computer, and I did the standard System Prefs >> Sharing >> Check the little remote login box. The error, as far as I can tell, is not coming from SSH not being enabled, my firewall/router or anything. When I try to use SSH, I get this:

$ ssh -l user remotehost.com
no kex alg

Even if I go to that computer, "remotehost", and do

$ ssh -l user localhost

I get the same error. From what I can tell, no kex alg means no key-exchange algorithm but that doesn't... help me

Any thoughts?
( Last edited by Jaey; Sep 4, 2007 at 08:43 PM. )
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Sep 4, 2007, 06:30 PM
 
What do you see when you do:

ssh -v [email protected] ?
     
Jaey  (op)
Mac Elite
Join Date: Dec 2003
Sep 4, 2007, 07:57 PM
 
Code:
OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/user/.ssh/identity type 0
debug1: identity file /Users/user/.ssh/id_rsa type 1
debug1: identity file /Users/user/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: An invalid name was supplied
Configuration file does not specify default realm
debug1: An invalid name was supplied
Configuration file does not specify default realm
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
no kex alg

As you can see, I'm on the remotehost at this moment. I examined this verbose bit earlier, and, not really knowing anything, tried the -4 option to force IPv4, which did nothing at all except change ::1 to 127.0.0.1.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Sep 4, 2007, 07:58 PM
 
What machine are you trying to connect to? It is trying to connect to the machine you are on. Do you have any entries in /etc/hosts?
     
Jaey  (op)
Mac Elite
Join Date: Dec 2003
Sep 4, 2007, 08:42 PM
 
Sorry it wasn't clear: I'm currently testing ssh on the machine I want to connect to. The above was from ssh -v user@localhost. I get the same error from a different client outside of my network, so I figured the problem was with this machine. cat /etc/hosts shows

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost

EDIT: I realize that there was a typo in my first post. I meant to say that running ssh localhost on the remotehost machine gave the same error.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Sep 4, 2007, 10:32 PM
 
Can we see a ssh -v you@yourmachine from the machine you want to use to connect to your home computer?
     
Jaey  (op)
Mac Elite
Join Date: Dec 2003
Sep 5, 2007, 12:37 AM
 
Code:
OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to remoteboxip [remoteboxip] port 22.
debug1: Connection established.
debug1: identity file /Users/user/.ssh/identity type -1
debug1: identity file /Users/user/.ssh/id_rsa type 1
debug1: identity file /Users/user/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: Miscellaneous failure
No credentials cache found
debug1: Miscellaneous failure
No credentials cache found
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
no kex alg
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Sep 5, 2007, 01:11 AM
 
Have you altered your SSH config file? Can you do a:

Code:
sudo cat /etc/sshd_config
on your home computer, and:

Code:
sudo cat /etc/ssh_config
on your remote computer?


Have you changed any aspect of your configuration, particularly how you authenticate? I'm thinking that perhaps you disabled password authentication (which I'm assuming is what you want), and as a secondary form of authentication your remote machine is unable to offer its public key (or else the server is not configured to accept it).

Also, check to see if you have any files in:

Code:
~/.ssh
on both machines...

Let us know if you have been playing around with any OpenSSH configuration options or can think of something else which might provide some context here.
     
Jaey  (op)
Mac Elite
Join Date: Dec 2003
Sep 5, 2007, 10:05 PM
 
Thanks for your help (and patience), by the way. I have been messing with SSH on the computer that I want to connect to (I'll call it the server), but I didn't start until I saw that error. I was doing things like generating keys and the like. You're right in saying that I want password authentication, and it's entirely possible that I disabled it unwittingly.

I uploaded the contents of /etc/ssh_config to a cheap Tripod account because it seemed obnoxiously long.

"Server" computer (The one I'm connecting to)
"Client" computer (The one I'm connecting with)

On the client machine:
Code:
Client:~/.ssh user$ ls -a
.               ..              known_hosts

known_hosts does not happen to contain a key for my server computer, if that's of interest.

On the server machine:
Code:
Server:~/.ssh user$ ls -a
.                       authorized_keys2        identity.pub
..                      id_rsa                  known_hosts
.DS_Store               id_rsa.pub
authorized_keys         identity

The server machine, as you can see, was the one I was messing around with. I can't remember editing any config files, though I'm sure at some point in the past I've modified /etc/hosts
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Sep 5, 2007, 10:08 PM
 
Jaey, I haven't looked at your SSH config files yet, but I can see that you have some RSA based public keys on the server. You'll want to get rid of those, as newer versions of OpenSSH create DSA keys. When you create your public/private key pair, you should do a:

Code:
ssh-keygen -t dsa
Let me know if the problem still persists without those RSA based keys in there...
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Sep 5, 2007, 10:16 PM
 
I don't see anything weird with your config files.. they are identical to mine.
     
Jaey  (op)
Mac Elite
Join Date: Dec 2003
Sep 6, 2007, 07:14 PM
 
Originally Posted by besson3c:
Let me know if the problem still persists without those RSA based keys in there...
It does
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Sep 6, 2007, 07:22 PM
 
So, no public/private keys in your .ssh directory? Can you provide us the same ssh -v output from your remote machine like you did before? You might want to try simply blowing away your .ssh directories, or renaming them.
     
nywxguy
Fresh-Faced Recruit
Join Date: Sep 2007
Sep 7, 2007, 04:24 PM
 
This is interesting, as I just enabled the ssh server today on my MacBook. I too experienced the "no kex alg" messages when trying to ssh into the Mac.

I looked at /var/log/system.log and found these messages:

sshd[417]: error: Could not load host key: /etc/ssh_host_key
sshd[417]: error: Could not load host key: /etc/ssh_host_rsa_key
sshd[417]: error: Could not load host key: /etc/ssh_host_dsa_key

Sure enough, these keys were not present. On my Linux box, these files are automatically generated when the openssh server is installed, although they are placed one directory lower, in /etc/ssh.

So as root I ran "ssh-keygen -t rsa" and when prompted where to place the file, instead of the default (which is to name it /var/root/.ssh/id_[rsa|dsa]), I instead specified /etc/ssh_host_rsa.key (and likewise for dsa). Lo and behold, after this was done, I could remotely ssh into the MacBook.

The notebook is running OS X 10.4.10 with up-to-date software updates.

Hopefully this will work for you too . . .

Cheers,

Kevin
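
The diagnosis in the post above (sshd logging "Could not load host key" while clients fail with "no kex alg"), as an added example that is not part of the thread: a shell sketch that reads such log lines and prints an ssh-keygen command for each reported key that is really absent. The function names and the sample log are constructed here; the key paths are the ones in the quoted log lines, and the file-name-to-key-type mapping is an assumption based on those names.

```shell
#!/bin/sh
# Added example: turn sshd "Could not load host key" log lines into a repair plan.
# Constructed sample that mirrors the three log lines quoted in the post above.
SAMPLE_LOG='sshd[417]: error: Could not load host key: /etc/ssh_host_key
sshd[417]: error: Could not load host key: /etc/ssh_host_rsa_key
sshd[417]: error: Could not load host key: /etc/ssh_host_dsa_key'

# Read log lines on stdin; print each reported host key path once, sorted.
reported_keys() {
    sed -n 's/^.*sshd\[[0-9]*]: error: Could not load host key: \(.*\)$/\1/p' | sort -u
}

# Map a host key file name to an ssh-keygen -t value (assumed from the names).
# Unknown names and the SSH protocol 1 key (ssh_host_key) are rejected.
key_type() {
    case "$(basename "$1")" in
        ssh_host_rsa_key) echo rsa ;;
        ssh_host_dsa_key) echo dsa ;;
        *)                return 1 ;;
    esac
}

# Read log lines on stdin; print one command per key missing under root dir $1.
# Pass "" to check the live filesystem, or a scratch directory for a dry run.
# Nothing is executed: the plan is printed for an administrator to review.
repair_plan() {
    root=$1
    reported_keys | while read -r path; do
        [ -e "$root$path" ] && continue      # key exists: the cause lies elsewhere
        kt=$(key_type "$path") || continue   # not a key type this sketch handles
        # -f writes to the path sshd expects; -N '' sets an empty passphrase,
        # because sshd cannot prompt for one when it loads the host key.
        printf "ssh-keygen -t %s -f %s -N ''\n" "$kt" "$path"
    done
}

# Demo on the constructed sample, checked against the live filesystem.
printf '%s\n' "$SAMPLE_LOG" | repair_plan ""
```

After generating a host key, `ssh-keygen -l -f /etc/ssh_host_rsa_key.pub` prints its fingerprint, which can be compared with the one the client shows on first connection.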
     
   
All times are GMT -4.
All contents of these forums © 1995-2017 MacNN. All rights reserved.