0

I am using JNC 1.0 & ganymed-ssh-2 v262 to establish a Netconf session over SSH to a Cisco Confd node and getting the following error. What could be the reason?

java.io.IOException: Key exchange was not finished, connection is closed. at ch.ethz.ssh2.transport.KexManager.getOrWaitForConnectionInfo(KexManager.java:75) at ch.ethz.ssh2.transport.TransportManager.getConnectionInfo(TransportManager.java:169) at ch.ethz.ssh2.Connection.connect(Connection.java:759) at com.tailf.jnc.SSHConnection.(Unknown Source) at com.tailf.jnc.Device.connect(Unknown Source) at com.tailf.jnc.Device.connect(Unknown Source) .... java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165) Caused by: java.io.IOException: Cannot negotiate, proposals do not match. at ch.ethz.ssh2.transport.ClientKexManager.handleMessage(ClientKexManager.java:123) at ch.ethz.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:572) at ch.ethz.ssh2.transport.TransportManager$1.run(TransportManager.java:261) at java.base/java.lang.Thread.run(Thread.java:833)

Mohan
  • 129
  • 8

1 Answers1

1
java.io.IOException: Key exchange was not finished, connection is closed.

...
...

Caused by: java.io.IOException: Cannot negotiate, proposals do not match.

It means that there is a mismatch between the supported key exchange algorithms on the client and those supported by the server.

I'd advice to update ganymed-ssh-2 to v263. Apparently the latest version has added support for the following kex algorithms:

diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512

You can check what the server supports by using ssh's debug flag on a terminal:

ssh -vvv user@host
AndroidX
  • 558
  • 4
  • 15
  • Thanks for the response. I downloaded the ganymed-ssh2-263-sources.jar and added to my project's build path. The problem resolved now. Source: https://github.com/SoftwareAG/ganymed-ssh-2/releases/tag/ganymed-ssh2-263 – Mohan Jul 01 '22 at 03:37