exception during logging in Failed to negotiate a transport component

Problem :-

exception during logging in Failed to negotiate a transport component [diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1] [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1] [Unknown cause]

Solution :-

If the above exception occurs, compare the two algorithm lists in the message. In this case the local server uses the [diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1] algorithms.

The remote server, on the other hand, uses the [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1] algorithms.

The two lists have no algorithm in common, which is the reason for this issue. To overcome it, follow the steps below.

Steps to make the changes. These steps must be performed with root user privileges.

  • Go to the directory /etc/sshd/.
  • Stop the sshd service using the command /etc/init.d/sshd stop.
  • Take a backup of the file sshd_config.
  • Open the file sshd_config.
  • Add the below entry as the last line.
    KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
  • Start the sshd service using the command /etc/init.d/sshd start.

The KexAlgorithms entry given here was taken from one customer's problematic server. If you face this issue for any other customer, append the additional algorithms reported in the above exception to the algorithms that already exist on the remote server.
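The append rule above as a small script (an added example, not part of the original article or the product): it reads the two bracketed lists from the exception text, confirms they share no algorithm, and builds the KexAlgorithms entry. The function names are hypothetical, the sample message is the one quoted under Problem, and unlike the customer entry above the output keeps every algorithm the remote server already listed.

```python
import re

# Constructed sample: the exception text quoted in the Problem section.
SAMPLE = (
    "exception during logging in Failed to negotiate a transport component "
    "[diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1] "
    "[curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
    "ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,"
    "diffie-hellman-group14-sha1] [Unknown cause]"
)


def parse_negotiation_error(message):
    """Return (local, remote) algorithm lists from the exception text."""
    groups = re.findall(r"\[([^\]]*)\]", message)
    if len(groups) < 2:
        raise ValueError("expected two bracketed algorithm lists")
    local, remote = (
        [a.strip() for a in g.split(",") if a.strip()] for g in groups[:2]
    )
    return local, remote


def plan_kex_line(message):
    """Build the KexAlgorithms entry: remote list plus the missing local ones."""
    local, remote = parse_negotiation_error(message)
    common = [a for a in local if a in remote]
    if common:
        # The two sides already share an algorithm, so nothing needs appending.
        return {"common": common, "added": [], "sha1_added": [], "line": None}
    added = [a for a in local if a not in remote]
    return {
        "common": [],
        "added": added,
        # SHA-1 based names, listed so the change can be reviewed before applying.
        "sha1_added": [a for a in added if a.endswith("-sha1")],
        "line": "KexAlgorithms " + ",".join(remote + added),
    }


if __name__ == "__main__":
    plan = plan_kex_line(SAMPLE)
    print(plan["line"])
    print("newly enabled:", ", ".join(plan["added"]))
```

The `added` and `sha1_added` lists show exactly which algorithms the new entry enables on the remote server beyond what it offered before.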


Older versions of the ssh server don't support adding KexAlgorithms to the sshd_config file.
To verify whether the target server's ssh supports adding KexAlgorithms:

Type man sshd_config at the command prompt.
Keep pressing Enter until you reach the keywords that start with 'K'.
If you can see the keyword "KexAlgorithms", the target server supports it, and you can add the entry as mentioned above.






