Troubleshooting 'Failed to Negotiate Algorithms' Alerts in SSH Monitoring

Troubleshooting 'Failed to Negotiate Algorithms' Alerts in SSH Monitoring

Failed to Negotiate Algorithms – Critical Alerts in SSH Mode

The "failed to negotiate algorithms" exception occurs when an SSH client and server cannot agree on a common cryptographic algorithm for secure communication. This prevents the SSH connection from being established.

When an SSH connection is initiated, both client and server exchange supported cryptographic algorithms, including:
  1. Key Exchange Algorithms – Used to establish a secure connection.
  2. Ciphers – Used for encrypting data.
  3. Message Authentication Codes (MACs) – Ensure message integrity.
If there is no common algorithm between the Applications Manager SSH client and the monitored server, a failed to negotiate algorithms error occurs.

Troubleshooting Steps
  1. Log in to the target server (monitored via SSH).
  2. Open the SSH configuration file:
    Quote
    sudo vi /etc/ssh/sshd_config
  3. Search for the Cipher, KexAlgorithm, and MACs directives.
  4. Ensure these directives are not commented out (remove # if present) and note down the values listed for each directive.
  5. In Applications Manager, navigate to Settings → Performance Polling → SSH Connection Settings
  6. Locate the Allowed Ciphers, Key Exchanges, and MACs and compare these with the values from the target server.
  7. If no common algorithm exists across the directives, a critical alert will be triggered.

Fixing the Issue

Option 1: Update Applications Manager SSH Settings
  1. Enable the missing algorithms in Applications Manager's SSH settings (under the respective directive).
  2. Restart Applications Manager for changes to take effect.
Option 2: Modify SSH Configuration on the Target Server
Alert
Create a backup of sshd_config before modifying it: sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
  1. Open the SSH configuration file: 
    Quote
    sudo vi /etc/ssh/sshd_config
  2. Locate and update the following directives to match the supported algorithms in Applications Manager:
    Quote
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com
    MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1
    KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
    ,ecdh-sha2-nistp256
  3. Save the file and exit.
  4. Restart the SSH service: 
    Quote
    sudo systemctl restart sshd
  5. Verify SSH is running: 
    Quote
    sudo systemctl status sshd
Notes
Final Verification
  • Try reconnecting to the SSH server via Applications Manager.
  • If the issue persists, check system logs for SSH errors using: sudo journalctl -u sshd --no-pager | tail -n 20


      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                      Related Products