ssh: connection to pi@192.168.X,XX:22 exited: no matching algo kex
A router is configured with DD-WRT and features remote SSH access. A raspberry pi computer (Raspbian) is connected to the router's LAN. Once logged into the router via SSH, attempts to SSH from the router into the pi returns:
ssh pi@192.168.8.151
ssh: connection to pi@192.168.8.151:22 exited: no matching algo kex
Shelling into other LAN connected DD-WRT routers from the DD-WRT Gateway is successful.
Questions:
- What is the cause of the error message and what can be done to enable SSH access?
- What exactly does
no matching algo kex
imply?
UPDATES
ssh pi@192.168.8.96 -oKexAlgorithms=+diffie-hellman-group1-sha1
WARNING: Ignoring unknown argument
'-oKexAlgorithms=+diffie-hellman-group1-sha1' ssh: connection to
pi@192.168.8.96:22 exited: no matching algo kex
user@raspberrypi:~ $ ssh -V
OpenSSH_6.7p1 Raspbian-5+deb8u2, OpenSSL 1.0.1t 3 May 2016
DD-WRT is running dropbear v0.52:
user@DD-WRT:~ $ ssh -V
WARNING: Ignoring unknown argument '-v' Dropbear client v0.52 Usage:
ssh [options] [user@]host[/port][,[user@]host/port],...] [command]
Options are:
-p
-l
-t Allocate a pty
-T Don't allocate a pty
-N Don't run a remote command
-f Run in background after auth
-y Always accept remote host key if unknown
-s Request a subsystem (use for sftp)
-i (multiple allowed)
-L Local port forwarding
-g Allow remote hosts to connect to forwarded ports
-R Remote port forwarding
-W (default 24576, larger may be faster, max 1MB)
-K (0 is never, default 0)
-I (0 is never, default 0)
-B Netcat-alike forwarding
-J Use program pipe rather than TCP connection
ssh
add a comment |
A router is configured with DD-WRT and features remote SSH access. A raspberry pi computer (Raspbian) is connected to the router's LAN. Once logged into the router via SSH, attempts to SSH from the router into the pi returns:
ssh pi@192.168.8.151
ssh: connection to pi@192.168.8.151:22 exited: no matching algo kex
Shelling into other LAN connected DD-WRT routers from the DD-WRT Gateway is successful.
Questions:
- What is the cause of the error message and what can be done to enable SSH access?
- What exactly does
no matching algo kex
imply?
UPDATES
ssh pi@192.168.8.96 -oKexAlgorithms=+diffie-hellman-group1-sha1
WARNING: Ignoring unknown argument
'-oKexAlgorithms=+diffie-hellman-group1-sha1' ssh: connection to
pi@192.168.8.96:22 exited: no matching algo kex
user@raspberrypi:~ $ ssh -V
OpenSSH_6.7p1 Raspbian-5+deb8u2, OpenSSL 1.0.1t 3 May 2016
DD-WRT is running dropbear v0.52:
user@DD-WRT:~ $ ssh -V
WARNING: Ignoring unknown argument '-v' Dropbear client v0.52 Usage:
ssh [options] [user@]host[/port][,[user@]host/port],...] [command]
Options are:
-p
-l
-t Allocate a pty
-T Don't allocate a pty
-N Don't run a remote command
-f Run in background after auth
-y Always accept remote host key if unknown
-s Request a subsystem (use for sftp)
-i (multiple allowed)
-L Local port forwarding
-g Allow remote hosts to connect to forwarded ports
-R Remote port forwarding
-W (default 24576, larger may be faster, max 1MB)
-K (0 is never, default 0)
-I (0 is never, default 0)
-B Netcat-alike forwarding
-J Use program pipe rather than TCP connection
ssh
I think it's something to do with the software versions being a bit too different. I feel like that's too vague to be an Answer, but it could be a starting point to look at. I mean, what doesssh -V
return on each side? (That is, on the raspberry and on the router?)
– Ed Grimm
Mar 8 at 0:52
Great idea: results posted for analysis & comments :) Because I can access the rPi from Putty and an Ubuntu CLI, I am inclined to think the problem is on the DD-WRT (dropbear?) side.
– gatorback
Mar 8 at 1:13
1
Is adding-oKexAlgorithms=+diffie-hellman-group1-sha1
asssh
parameter solves this question?
– Geno Chen
Mar 8 at 1:26
@GenoChen Results of suggestion posted in updates. Uncertain if syntax is correct: suggestions appreciated.
– gatorback
Mar 8 at 2:38
add a comment |
A router is configured with DD-WRT and features remote SSH access. A raspberry pi computer (Raspbian) is connected to the router's LAN. Once logged into the router via SSH, attempts to SSH from the router into the pi returns:
ssh pi@192.168.8.151
ssh: connection to pi@192.168.8.151:22 exited: no matching algo kex
Shelling into other LAN connected DD-WRT routers from the DD-WRT Gateway is successful.
Questions:
- What is the cause of the error message and what can be done to enable SSH access?
- What exactly does
no matching algo kex
imply?
UPDATES
ssh pi@192.168.8.96 -oKexAlgorithms=+diffie-hellman-group1-sha1
WARNING: Ignoring unknown argument
'-oKexAlgorithms=+diffie-hellman-group1-sha1' ssh: connection to
pi@192.168.8.96:22 exited: no matching algo kex
user@raspberrypi:~ $ ssh -V
OpenSSH_6.7p1 Raspbian-5+deb8u2, OpenSSL 1.0.1t 3 May 2016
DD-WRT is running dropbear v0.52:
user@DD-WRT:~ $ ssh -V
WARNING: Ignoring unknown argument '-v' Dropbear client v0.52 Usage:
ssh [options] [user@]host[/port][,[user@]host/port],...] [command]
Options are:
-p
-l
-t Allocate a pty
-T Don't allocate a pty
-N Don't run a remote command
-f Run in background after auth
-y Always accept remote host key if unknown
-s Request a subsystem (use for sftp)
-i (multiple allowed)
-L Local port forwarding
-g Allow remote hosts to connect to forwarded ports
-R Remote port forwarding
-W (default 24576, larger may be faster, max 1MB)
-K (0 is never, default 0)
-I (0 is never, default 0)
-B Netcat-alike forwarding
-J Use program pipe rather than TCP connection
ssh
A router is configured with DD-WRT and features remote SSH access. A raspberry pi computer (Raspbian) is connected to the router's LAN. Once logged into the router via SSH, attempts to SSH from the router into the pi returns:
ssh pi@192.168.8.151
ssh: connection to pi@192.168.8.151:22 exited: no matching algo kex
Shelling into other LAN connected DD-WRT routers from the DD-WRT Gateway is successful.
Questions:
- What is the cause of the error message and what can be done to enable SSH access?
- What exactly does
no matching algo kex
imply?
UPDATES
ssh pi@192.168.8.96 -oKexAlgorithms=+diffie-hellman-group1-sha1
WARNING: Ignoring unknown argument
'-oKexAlgorithms=+diffie-hellman-group1-sha1' ssh: connection to
pi@192.168.8.96:22 exited: no matching algo kex
user@raspberrypi:~ $ ssh -V
OpenSSH_6.7p1 Raspbian-5+deb8u2, OpenSSL 1.0.1t 3 May 2016
DD-WRT is running dropbear v0.52:
user@DD-WRT:~ $ ssh -V
WARNING: Ignoring unknown argument '-v' Dropbear client v0.52 Usage:
ssh [options] [user@]host[/port][,[user@]host/port],...] [command]
Options are:
-p
-l
-t Allocate a pty
-T Don't allocate a pty
-N Don't run a remote command
-f Run in background after auth
-y Always accept remote host key if unknown
-s Request a subsystem (use for sftp)
-i (multiple allowed)
-L Local port forwarding
-g Allow remote hosts to connect to forwarded ports
-R Remote port forwarding
-W (default 24576, larger may be faster, max 1MB)
-K (0 is never, default 0)
-I (0 is never, default 0)
-B Netcat-alike forwarding
-J Use program pipe rather than TCP connection
ssh
ssh
edited Mar 8 at 2:34
gatorback
asked Mar 8 at 0:24
gatorbackgatorback
297112
297112
I think it's something to do with the software versions being a bit too different. I feel like that's too vague to be an Answer, but it could be a starting point to look at. I mean, what doesssh -V
return on each side? (That is, on the raspberry and on the router?)
– Ed Grimm
Mar 8 at 0:52
Great idea: results posted for analysis & comments :) Because I can access the rPi from Putty and an Ubuntu CLI, I am inclined to think the problem is on the DD-WRT (dropbear?) side.
– gatorback
Mar 8 at 1:13
1
Is adding-oKexAlgorithms=+diffie-hellman-group1-sha1
asssh
parameter solves this question?
– Geno Chen
Mar 8 at 1:26
@GenoChen Results of suggestion posted in updates. Uncertain if syntax is correct: suggestions appreciated.
– gatorback
Mar 8 at 2:38
add a comment |
I think it's something to do with the software versions being a bit too different. I feel like that's too vague to be an Answer, but it could be a starting point to look at. I mean, what doesssh -V
return on each side? (That is, on the raspberry and on the router?)
– Ed Grimm
Mar 8 at 0:52
Great idea: results posted for analysis & comments :) Because I can access the rPi from Putty and an Ubuntu CLI, I am inclined to think the problem is on the DD-WRT (dropbear?) side.
– gatorback
Mar 8 at 1:13
1
Is adding-oKexAlgorithms=+diffie-hellman-group1-sha1
asssh
parameter solves this question?
– Geno Chen
Mar 8 at 1:26
@GenoChen Results of suggestion posted in updates. Uncertain if syntax is correct: suggestions appreciated.
– gatorback
Mar 8 at 2:38
I think it's something to do with the software versions being a bit too different. I feel like that's too vague to be an Answer, but it could be a starting point to look at. I mean, what does
ssh -V
return on each side? (That is, on the raspberry and on the router?)– Ed Grimm
Mar 8 at 0:52
I think it's something to do with the software versions being a bit too different. I feel like that's too vague to be an Answer, but it could be a starting point to look at. I mean, what does
ssh -V
return on each side? (That is, on the raspberry and on the router?)– Ed Grimm
Mar 8 at 0:52
Great idea: results posted for analysis & comments :) Because I can access the rPi from Putty and an Ubuntu CLI, I am inclined to think the problem is on the DD-WRT (dropbear?) side.
– gatorback
Mar 8 at 1:13
Great idea: results posted for analysis & comments :) Because I can access the rPi from Putty and an Ubuntu CLI, I am inclined to think the problem is on the DD-WRT (dropbear?) side.
– gatorback
Mar 8 at 1:13
1
1
Is adding
-oKexAlgorithms=+diffie-hellman-group1-sha1
as ssh
parameter solves this question?– Geno Chen
Mar 8 at 1:26
Is adding
-oKexAlgorithms=+diffie-hellman-group1-sha1
as ssh
parameter solves this question?– Geno Chen
Mar 8 at 1:26
@GenoChen Results of suggestion posted in updates. Uncertain if syntax is correct: suggestions appreciated.
– gatorback
Mar 8 at 2:38
@GenoChen Results of suggestion posted in updates. Uncertain if syntax is correct: suggestions appreciated.
– gatorback
Mar 8 at 2:38
add a comment |
2 Answers
2
active
oldest
votes
Try checking both the SSH client and server cyphers. Probably your (up to date) client has some outdated cyphers disabled, and the client and server cypher list don't match.
add a comment |
Your Raspberry Pi's ssh software is a little old, but in this case, that actually made this issue less likely to occur.
Your DD-WRT software is from 2008, which is ancient in terms of IT Security. dropbear isn't even using that style of version number any more (current is apparently 2018.76). That really should be updated for a lot of other reasons, but also this.
I'd personally recommend you apply available updates to both products, but I'd do the router first.
add a comment |
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f505036%2fssh-connection-to-pi192-168-x-xx22-exited-no-matching-algo-kex%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Try checking both the SSH client and server cyphers. Probably your (up to date) client has some outdated cyphers disabled, and the client and server cypher list don't match.
add a comment |
Try checking both the SSH client and server cyphers. Probably your (up to date) client has some outdated cyphers disabled, and the client and server cypher list don't match.
add a comment |
Try checking both the SSH client and server cyphers. Probably your (up to date) client has some outdated cyphers disabled, and the client and server cypher list don't match.
Try checking both the SSH client and server cyphers. Probably your (up to date) client has some outdated cyphers disabled, and the client and server cypher list don't match.
answered Mar 8 at 1:05
JucaPiramaJucaPirama
1215
1215
add a comment |
add a comment |
Your Raspberry Pi's ssh software is a little old, but in this case, that actually made this issue less likely to occur.
Your DD-WRT software is from 2008, which is ancient in terms of IT Security. dropbear isn't even using that style of version number any more (current is apparently 2018.76). That really should be updated for a lot of other reasons, but also this.
I'd personally recommend you apply available updates to both products, but I'd do the router first.
add a comment |
Your Raspberry Pi's ssh software is a little old, but in this case, that actually made this issue less likely to occur.
Your DD-WRT software is from 2008, which is ancient in terms of IT Security. dropbear isn't even using that style of version number any more (current is apparently 2018.76). That really should be updated for a lot of other reasons, but also this.
I'd personally recommend you apply available updates to both products, but I'd do the router first.
add a comment |
Your Raspberry Pi's ssh software is a little old, but in this case, that actually made this issue less likely to occur.
Your DD-WRT software is from 2008, which is ancient in terms of IT Security. dropbear isn't even using that style of version number any more (current is apparently 2018.76). That really should be updated for a lot of other reasons, but also this.
I'd personally recommend you apply available updates to both products, but I'd do the router first.
Your Raspberry Pi's ssh software is a little old, but in this case, that actually made this issue less likely to occur.
Your DD-WRT software is from 2008, which is ancient in terms of IT Security. dropbear isn't even using that style of version number any more (current is apparently 2018.76). That really should be updated for a lot of other reasons, but also this.
I'd personally recommend you apply available updates to both products, but I'd do the router first.
answered Mar 8 at 1:34
Ed GrimmEd Grimm
49818
49818
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f505036%2fssh-connection-to-pi192-168-x-xx22-exited-no-matching-algo-kex%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I think it's something to do with the software versions being a bit too different. I feel like that's too vague to be an Answer, but it could be a starting point to look at. I mean, what does
ssh -V
return on each side? (That is, on the raspberry and on the router?)– Ed Grimm
Mar 8 at 0:52
Great idea: results posted for analysis & comments :) Because I can access the rPi from Putty and an Ubuntu CLI, I am inclined to think the problem is on the DD-WRT (dropbear?) side.
– gatorback
Mar 8 at 1:13
1
Is adding
-oKexAlgorithms=+diffie-hellman-group1-sha1
asssh
parameter solves this question?– Geno Chen
Mar 8 at 1:26
@GenoChen Results of suggestion posted in updates. Uncertain if syntax is correct: suggestions appreciated.
– gatorback
Mar 8 at 2:38