Troubleshooting
Problem
"Algorithm negotiation failed" error message appears on connection attempt to HSTS 4.1 on Windows OS.
Symptom
Cause
No matching encryption algorithms on the Server side to establish connection with the Client.
Environment
- HSTS 4.1 on Windows OS
Diagnosing The Problem
Enable SSH logging on the Windows Server with HSTS:
- Open Windows Registry Editor: regedit
- Find the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshd\Parameters\AppArgs
- Replace the value -D with -D -e
- Restart OpenSSH in Windows services.
- Test Connection to the HSTS
- Check for error messages in sshd log file: c:\Program Files\Aspera\Enterprise Server\var\log\sshd.log
Unable to negotiate with 10.0.120.44 port 57323: no matching key exchange method found. Their offer:
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
Resolving The Problem
Replace the following line in c:\Program Files\Aspera\Enterprise Server\etc\sshd_config
KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
with:
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
Restart OpenSSH Service in Windows Services.
Test connection to the HSTS.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSL85S","label":"IBM Aspera High-Speed Transfer Server (HSTS)"},"ARM Category":[{"code":"a8m0z0000001iijAAA","label":"HSTS High Speed Transfer Server->HSTS Troubleshooting"}],"ARM Case Number":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"4.1.0"}]
Was this topic helpful?
Document Information
Modified date:
27 July 2021
UID
ibm16475117