ssh: connection to pi@192.168.X,XX:22 exited: no matching algo kex












0















A router is configured with DD-WRT and features remote SSH access. A raspberry pi computer (Raspbian) is connected to the router's LAN. Once logged into the router via SSH, attempts to SSH from the router into the pi returns:



ssh pi@192.168.8.151



ssh: connection to pi@192.168.8.151:22 exited: no matching algo kex




Shelling into other LAN connected DD-WRT routers from the DD-WRT Gateway is successful.



Questions:




  1. What is the cause of the error message and what can be done to enable SSH access?

  2. What exactly does no matching algo kex imply?


UPDATES



ssh pi@192.168.8.96 -oKexAlgorithms=+diffie-hellman-group1-sha1



WARNING: Ignoring unknown argument
'-oKexAlgorithms=+diffie-hellman-group1-sha1' ssh: connection to
pi@192.168.8.96:22 exited: no matching algo kex




user@raspberrypi:~ $ ssh -V



OpenSSH_6.7p1 Raspbian-5+deb8u2, OpenSSL 1.0.1t 3 May 2016




DD-WRT is running dropbear v0.52:



user@DD-WRT:~ $ ssh -V



WARNING: Ignoring unknown argument '-v' Dropbear client v0.52 Usage:
ssh [options] [user@]host[/port][,[user@]host/port],...] [command]
Options are:




-p
-l
-t Allocate a pty
-T Don't allocate a pty
-N Don't run a remote command
-f Run in background after auth
-y Always accept remote host key if unknown
-s Request a subsystem (use for sftp)
-i (multiple allowed)
-L Local port forwarding
-g Allow remote hosts to connect to forwarded ports
-R Remote port forwarding
-W (default 24576, larger may be faster, max 1MB)
-K (0 is never, default 0)
-I (0 is never, default 0)
-B Netcat-alike forwarding
-J Use program pipe rather than TCP connection










share|improve this question

























  • I think it's something to do with the software versions being a bit too different. I feel like that's too vague to be an Answer, but it could be a starting point to look at. I mean, what does ssh -V return on each side? (That is, on the raspberry and on the router?)

    – Ed Grimm
    Mar 8 at 0:52











  • Great idea: results posted for analysis & comments :) Because I can access the rPi from Putty and an Ubuntu CLI, I am inclined to think the problem is on the DD-WRT (dropbear?) side.

    – gatorback
    Mar 8 at 1:13








  • 1





    Is adding -oKexAlgorithms=+diffie-hellman-group1-sha1 as ssh parameter solves this question?

    – Geno Chen
    Mar 8 at 1:26











  • @GenoChen Results of suggestion posted in updates. Uncertain if syntax is correct: suggestions appreciated.

    – gatorback
    Mar 8 at 2:38
















0















A router is configured with DD-WRT and features remote SSH access. A raspberry pi computer (Raspbian) is connected to the router's LAN. Once logged into the router via SSH, attempts to SSH from the router into the pi returns:



ssh pi@192.168.8.151



ssh: connection to pi@192.168.8.151:22 exited: no matching algo kex




Shelling into other LAN connected DD-WRT routers from the DD-WRT Gateway is successful.



Questions:




  1. What is the cause of the error message and what can be done to enable SSH access?

  2. What exactly does no matching algo kex imply?


UPDATES



ssh pi@192.168.8.96 -oKexAlgorithms=+diffie-hellman-group1-sha1



WARNING: Ignoring unknown argument
'-oKexAlgorithms=+diffie-hellman-group1-sha1' ssh: connection to
pi@192.168.8.96:22 exited: no matching algo kex




user@raspberrypi:~ $ ssh -V



OpenSSH_6.7p1 Raspbian-5+deb8u2, OpenSSL 1.0.1t 3 May 2016




DD-WRT is running dropbear v0.52:



user@DD-WRT:~ $ ssh -V



WARNING: Ignoring unknown argument '-v' Dropbear client v0.52 Usage:
ssh [options] [user@]host[/port][,[user@]host/port],...] [command]
Options are:




-p
-l
-t Allocate a pty
-T Don't allocate a pty
-N Don't run a remote command
-f Run in background after auth
-y Always accept remote host key if unknown
-s Request a subsystem (use for sftp)
-i (multiple allowed)
-L Local port forwarding
-g Allow remote hosts to connect to forwarded ports
-R Remote port forwarding
-W (default 24576, larger may be faster, max 1MB)
-K (0 is never, default 0)
-I (0 is never, default 0)
-B Netcat-alike forwarding
-J Use program pipe rather than TCP connection










share|improve this question

























  • I think it's something to do with the software versions being a bit too different. I feel like that's too vague to be an Answer, but it could be a starting point to look at. I mean, what does ssh -V return on each side? (That is, on the raspberry and on the router?)

    – Ed Grimm
    Mar 8 at 0:52











  • Great idea: results posted for analysis & comments :) Because I can access the rPi from Putty and an Ubuntu CLI, I am inclined to think the problem is on the DD-WRT (dropbear?) side.

    – gatorback
    Mar 8 at 1:13








  • 1





    Is adding -oKexAlgorithms=+diffie-hellman-group1-sha1 as ssh parameter solves this question?

    – Geno Chen
    Mar 8 at 1:26











  • @GenoChen Results of suggestion posted in updates. Uncertain if syntax is correct: suggestions appreciated.

    – gatorback
    Mar 8 at 2:38














0












0








0








A router is configured with DD-WRT and features remote SSH access. A raspberry pi computer (Raspbian) is connected to the router's LAN. Once logged into the router via SSH, attempts to SSH from the router into the pi returns:



ssh pi@192.168.8.151



ssh: connection to pi@192.168.8.151:22 exited: no matching algo kex




Shelling into other LAN connected DD-WRT routers from the DD-WRT Gateway is successful.



Questions:




  1. What is the cause of the error message and what can be done to enable SSH access?

  2. What exactly does no matching algo kex imply?


UPDATES



ssh pi@192.168.8.96 -oKexAlgorithms=+diffie-hellman-group1-sha1



WARNING: Ignoring unknown argument
'-oKexAlgorithms=+diffie-hellman-group1-sha1' ssh: connection to
pi@192.168.8.96:22 exited: no matching algo kex




user@raspberrypi:~ $ ssh -V



OpenSSH_6.7p1 Raspbian-5+deb8u2, OpenSSL 1.0.1t 3 May 2016




DD-WRT is running dropbear v0.52:



user@DD-WRT:~ $ ssh -V



WARNING: Ignoring unknown argument '-v' Dropbear client v0.52 Usage:
ssh [options] [user@]host[/port][,[user@]host/port],...] [command]
Options are:




-p
-l
-t Allocate a pty
-T Don't allocate a pty
-N Don't run a remote command
-f Run in background after auth
-y Always accept remote host key if unknown
-s Request a subsystem (use for sftp)
-i (multiple allowed)
-L Local port forwarding
-g Allow remote hosts to connect to forwarded ports
-R Remote port forwarding
-W (default 24576, larger may be faster, max 1MB)
-K (0 is never, default 0)
-I (0 is never, default 0)
-B Netcat-alike forwarding
-J Use program pipe rather than TCP connection










share|improve this question
















A router is configured with DD-WRT and features remote SSH access. A raspberry pi computer (Raspbian) is connected to the router's LAN. Once logged into the router via SSH, attempts to SSH from the router into the pi returns:



ssh pi@192.168.8.151



ssh: connection to pi@192.168.8.151:22 exited: no matching algo kex




Shelling into other LAN connected DD-WRT routers from the DD-WRT Gateway is successful.



Questions:




  1. What is the cause of the error message and what can be done to enable SSH access?

  2. What exactly does no matching algo kex imply?


UPDATES



ssh pi@192.168.8.96 -oKexAlgorithms=+diffie-hellman-group1-sha1



WARNING: Ignoring unknown argument
'-oKexAlgorithms=+diffie-hellman-group1-sha1' ssh: connection to
pi@192.168.8.96:22 exited: no matching algo kex




user@raspberrypi:~ $ ssh -V



OpenSSH_6.7p1 Raspbian-5+deb8u2, OpenSSL 1.0.1t 3 May 2016




DD-WRT is running dropbear v0.52:



user@DD-WRT:~ $ ssh -V



WARNING: Ignoring unknown argument '-v' Dropbear client v0.52 Usage:
ssh [options] [user@]host[/port][,[user@]host/port],...] [command]
Options are:




-p
-l
-t Allocate a pty
-T Don't allocate a pty
-N Don't run a remote command
-f Run in background after auth
-y Always accept remote host key if unknown
-s Request a subsystem (use for sftp)
-i (multiple allowed)
-L Local port forwarding
-g Allow remote hosts to connect to forwarded ports
-R Remote port forwarding
-W (default 24576, larger may be faster, max 1MB)
-K (0 is never, default 0)
-I (0 is never, default 0)
-B Netcat-alike forwarding
-J Use program pipe rather than TCP connection







ssh






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 8 at 2:34







gatorback

















asked Mar 8 at 0:24









gatorbackgatorback

297112




297112













  • I think it's something to do with the software versions being a bit too different. I feel like that's too vague to be an Answer, but it could be a starting point to look at. I mean, what does ssh -V return on each side? (That is, on the raspberry and on the router?)

    – Ed Grimm
    Mar 8 at 0:52











  • Great idea: results posted for analysis & comments :) Because I can access the rPi from Putty and an Ubuntu CLI, I am inclined to think the problem is on the DD-WRT (dropbear?) side.

    – gatorback
    Mar 8 at 1:13








  • 1





    Is adding -oKexAlgorithms=+diffie-hellman-group1-sha1 as ssh parameter solves this question?

    – Geno Chen
    Mar 8 at 1:26











  • @GenoChen Results of suggestion posted in updates. Uncertain if syntax is correct: suggestions appreciated.

    – gatorback
    Mar 8 at 2:38



















  • I think it's something to do with the software versions being a bit too different. I feel like that's too vague to be an Answer, but it could be a starting point to look at. I mean, what does ssh -V return on each side? (That is, on the raspberry and on the router?)

    – Ed Grimm
    Mar 8 at 0:52











  • Great idea: results posted for analysis & comments :) Because I can access the rPi from Putty and an Ubuntu CLI, I am inclined to think the problem is on the DD-WRT (dropbear?) side.

    – gatorback
    Mar 8 at 1:13








  • 1





    Is adding -oKexAlgorithms=+diffie-hellman-group1-sha1 as ssh parameter solves this question?

    – Geno Chen
    Mar 8 at 1:26











  • @GenoChen Results of suggestion posted in updates. Uncertain if syntax is correct: suggestions appreciated.

    – gatorback
    Mar 8 at 2:38

















I think it's something to do with the software versions being a bit too different. I feel like that's too vague to be an Answer, but it could be a starting point to look at. I mean, what does ssh -V return on each side? (That is, on the raspberry and on the router?)

– Ed Grimm
Mar 8 at 0:52





I think it's something to do with the software versions being a bit too different. I feel like that's too vague to be an Answer, but it could be a starting point to look at. I mean, what does ssh -V return on each side? (That is, on the raspberry and on the router?)

– Ed Grimm
Mar 8 at 0:52













Great idea: results posted for analysis & comments :) Because I can access the rPi from Putty and an Ubuntu CLI, I am inclined to think the problem is on the DD-WRT (dropbear?) side.

– gatorback
Mar 8 at 1:13







Great idea: results posted for analysis & comments :) Because I can access the rPi from Putty and an Ubuntu CLI, I am inclined to think the problem is on the DD-WRT (dropbear?) side.

– gatorback
Mar 8 at 1:13






1




1





Is adding -oKexAlgorithms=+diffie-hellman-group1-sha1 as ssh parameter solves this question?

– Geno Chen
Mar 8 at 1:26





Is adding -oKexAlgorithms=+diffie-hellman-group1-sha1 as ssh parameter solves this question?

– Geno Chen
Mar 8 at 1:26













@GenoChen Results of suggestion posted in updates. Uncertain if syntax is correct: suggestions appreciated.

– gatorback
Mar 8 at 2:38





@GenoChen Results of suggestion posted in updates. Uncertain if syntax is correct: suggestions appreciated.

– gatorback
Mar 8 at 2:38










2 Answers
2






active

oldest

votes


















0














Try checking both the SSH client and server cyphers. Probably your (up to date) client has some outdated cyphers disabled, and the client and server cypher list don't match.






share|improve this answer































    0














    Your Raspberry Pi's ssh software is a little old, but in this case, that actually made this issue less likely to occur.



    Your DD-WRT software is from 2008, which is ancient in terms of IT Security. dropbear isn't even using that style of version number any more (current is apparently 2018.76). That really should be updated for a lot of other reasons, but also this.



    I'd personally recommend you apply available updates to both products, but I'd do the router first.






    share|improve this answer
























      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "106"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f505036%2fssh-connection-to-pi192-168-x-xx22-exited-no-matching-algo-kex%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      0














      Try checking both the SSH client and server cyphers. Probably your (up to date) client has some outdated cyphers disabled, and the client and server cypher list don't match.






      share|improve this answer




























        0














        Try checking both the SSH client and server cyphers. Probably your (up to date) client has some outdated cyphers disabled, and the client and server cypher list don't match.






        share|improve this answer


























          0












          0








          0







          Try checking both the SSH client and server cyphers. Probably your (up to date) client has some outdated cyphers disabled, and the client and server cypher list don't match.






          share|improve this answer













          Try checking both the SSH client and server cyphers. Probably your (up to date) client has some outdated cyphers disabled, and the client and server cypher list don't match.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Mar 8 at 1:05









          JucaPiramaJucaPirama

          1215




          1215

























              0














              Your Raspberry Pi's ssh software is a little old, but in this case, that actually made this issue less likely to occur.



              Your DD-WRT software is from 2008, which is ancient in terms of IT Security. dropbear isn't even using that style of version number any more (current is apparently 2018.76). That really should be updated for a lot of other reasons, but also this.



              I'd personally recommend you apply available updates to both products, but I'd do the router first.






              share|improve this answer




























                0














                Your Raspberry Pi's ssh software is a little old, but in this case, that actually made this issue less likely to occur.



                Your DD-WRT software is from 2008, which is ancient in terms of IT Security. dropbear isn't even using that style of version number any more (current is apparently 2018.76). That really should be updated for a lot of other reasons, but also this.



                I'd personally recommend you apply available updates to both products, but I'd do the router first.






                share|improve this answer


























                  0












                  0








                  0







                  Your Raspberry Pi's ssh software is a little old, but in this case, that actually made this issue less likely to occur.



                  Your DD-WRT software is from 2008, which is ancient in terms of IT Security. dropbear isn't even using that style of version number any more (current is apparently 2018.76). That really should be updated for a lot of other reasons, but also this.



                  I'd personally recommend you apply available updates to both products, but I'd do the router first.






                  share|improve this answer













                  Your Raspberry Pi's ssh software is a little old, but in this case, that actually made this issue less likely to occur.



                  Your DD-WRT software is from 2008, which is ancient in terms of IT Security. dropbear isn't even using that style of version number any more (current is apparently 2018.76). That really should be updated for a lot of other reasons, but also this.



                  I'd personally recommend you apply available updates to both products, but I'd do the router first.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Mar 8 at 1:34









                  Ed GrimmEd Grimm

                  49818




                  49818






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Unix & Linux Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f505036%2fssh-connection-to-pi192-168-x-xx22-exited-no-matching-algo-kex%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      How to make a Squid Proxy server?

                      Is this a new Fibonacci Identity?

                      19世紀