How to solve algorithm negotiation fail when you can't change the sshd file?

Question

com.jcraft.jsch.JSchException: Algorithm negotiation fail
    at com.jcraft.jsch.Session.receive_kexinit(Session.java:590)
    at com.jcraft.jsch.Session.connect(Session.java:320)
    at com.jcraft.jsch.Session.connect(Session.java:183)
    at com.cashfree.common.dexterreport.sftp.SftpClient.getSftpChannel(SftpClient.java:82)

I am stuck on this, i tried lot's of solution mentioned on the net none worked, the problem is i have to connect to a client to share some files, and we are getting this error

the obvious solution was to change the sshd file but if i can only change it in local only right while the code works from remote and we have to connect to a lot of clients

i tried upgrading the jsch version, nothing worked

Can anyone suggest on how to solve this issue there is fix availabe from mwiede but not sure if it is that much safe or robust, also i came across the comment which says upgrading the wagon ssh version will solve the issue can anyone shed more light on this?

Using jsch version 0.1.55 and java 11

What does 'wagon' mean here? Is the server you are connecting to using OpenSSH, or something else? — dave_thompson_085, Jun 25 '22 at 23:16

score 0 · Answer 1 · answered Jun 24 '22 at 21:47

0

The original JSCH is no longer developed, and it doesn't support modern algorithms that are required to connect to modern versions of OpenSSH.

If you want to use a Java library, then either use the fork of JSCH that contains support for modern algorithms or use Apache MINA, which also supports secure algorithms. While I don't typically code in Java, I think either one should be fine and secure, but if you really insist on a source above all reproach, typically the Apache Software Foundation is considered reputable.

answered Jun 24 '22 at 21:47

bk2204

64,793
6
84
100

Original Jsch is not up to date, but it DOES still work with OpenSSH (using ECDH, ECDSA, and AESCTR). The newest I can easily verify is 8.9 on Ubuntu 22.04, but 9.0 doesn't delete any algorithm, only changes the preference of sntru which doesn't matter. sshj is also a possibility. – dave_thompson_085 Jun 25 '22 at 23:13
I believe I read somewhere that it's ECDSA and ECDH implementations were broken and therefore while it advertises support for them, it doesn't actually work in the real world (at least, it's broken some of the time). – bk2204 Jun 26 '22 at 01:09
I changed our implementation to use sshj by hieronymous and it worked – ss13199 Feb 15 '23 at 05:45

How to solve algorithm negotiation fail when you can't change the sshd file?

1 Answers1