Devart Forums

When I try to connect using SSHClient I always receive the error message

"The negotiation of encryption algorithm is failed."

I have downloaded the public key and imported it into ScFileStorage.

I have connected using Putty and they both show the same fingerprint.
I have also connected successfully with FileZilla and Navicat.

I have the following settings in ScSSHClient:

Authentication: atPassword
HostKeyAlgorithms: ssh-rsa
HostKeyName: ssh_host_rsa_key
HostName: myServer
KeyStorage: sshFileStorage
User: myUser
Password: myPassword
Port: 22
PrivateKeyName: blank

I have also tried using your demo and changing the settings in there, including importing the key file, to no avail.

Any help would be appreciated.

Update: I have successfully connected using ChillKat in Delphi.

Anybody from Devart going to respond?

If you need any further info, please ask.

This error can be raised if setted client encryption algorithms have no compliance with server algorithms.
To solve the problem, set the TScSSHClient.CiphersClient and CiphersServer properties to the 'blowfish-cbc,cast128-cbc,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc' value.
If it does not solve the problem, check that your SSH server supports one of these algorithms.

Thanks for your reply, Viktor

However, my SSH server supports all of the Ciphers specified by SecureBridge.

If it helps my server is OpenSSH for Windows.

I have just tried some cipher settings in the config file of the OpenSSH server and ... it now works!

OpenSSH is supposed to support all the ciphers by default according to the documentation, but it now works after I have specified the ciphers in the config file.

In OpenSSH/etc/sshd_config I have added the line

Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

Restarted the process and now the Client connects!

Thanks Viktor for putting me on the right track.

Glad to see that the issue was resolved.
Feel free to contact us if you have any further questions about SecureBridge.

Using the example SFTP client and setting

ScSSHClient.CiphersClient.AsString := 'blowfish-cbc, cast128-cbc, aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc';

Did not work. I continue to get the "The negotiation of encryption algorithm is failed."

With no control over the server what else could be the issue?

Since I am trying to avoid using other ActiveX components hopefully you can help.

To solve the problem, please try to set the TScSSHClient.CiphersClient and CiphersServer properties to the 'blowfish-ctr,3des-ctr,cast128-ctr,aes128-ctr,aes192-ctr,aes256-ctr' value.

How would that be different other than the order and less options? Regardless we used your Cipher string for both client and server but no help. We continue to get the same error message.

ScSSHClient.CiphersClient.AsString := 'blowfish-ctr,3des-ctr,cast128-ctr,aes128-ctr,aes192-ctr,aes256-ctr';
ScSSHClient.CiphersServer.AsString := 'blowfish-ctr,3des-ctr,cast128-ctr,aes128-ctr,aes192-ctr,aes256-ctr';

Can you offer any other suggestions?

For the issue investigation, please provide us access to your SSH server.

Yea unfortunately that is not possible, access to the SSH server that is. We will go with a different option then. Thanks for your replies though.

Unfortunately, we cannot reproduce the problem without knowing what encryption algorithms are used on the server. Please send to viktorv*devart*com only the address of your SSH server without user credentials, and we will try to help you solve your problem.

unfortunately I get the same message while trying to connect to ssh.strato.com at port 22.
Using Filezilla it is working.

At the SFTPClient-Demo I added all accessible options at
CipherClient
CiphersServer
HMACAlgorithms
HostKeyAlgorithms

But I still get the Exception "The negotiation of host key verification algorithm is failed"

What is going wrong?

Analysis has revealed that such behavior is caused by incorrect behavior of ssh.strato.com rather than SecureBridge. We’ll try to bypass such server behavior in the next release of SecureBridge.
As a temporary solution, you can try setting the TScSSHClient.HostKeyAlgorithms.AsString property to 'ecdsa'. Example: