Details

    • Similar Issues:

      Description

      I get following error (from sshd-log on windows) when trying to connect to my windows slave agent with openSSH running:

      1716 18:01:04:153 Unable to negotiate with 192.168.115.188 port 56216: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
      

      Connecting natively, via bash, works without a problem.

        Attachments

          Activity

          Hide
          dnusbaum Devin Nusbaum added a comment - - edited

          Not sure offhand, but I would start with making sure you are running the same version of OpenSSH on the agent and master. See https://www.openssh.com/legacy.html for some options you can pass to OpenSSH to enable legacy key exchange algorithms if you are unable to update.

          Show
          dnusbaum Devin Nusbaum added a comment - - edited Not sure offhand, but I would start with making sure you are running the same version of OpenSSH on the agent and master. See https://www.openssh.com/legacy.html for some options you can pass to OpenSSH to enable legacy key exchange algorithms if you are unable to update.
          Hide
          zack Zack Snyder added a comment -

          Like I already said, connection via bash works without a problem.
          The problem is the ssh jenkins plugin which is outdated. It seems to ship with an own openssh agent , which is of course wrong.
          It should always use the native one. (but I am not sure about that, maybe it invokes it wrong).
          Anyway, the problem is the jenkins plugin.

          I have the latest version of jenks. See the system_info.

          Show
          zack Zack Snyder added a comment - Like I already said, connection via bash works without a problem. The problem is the ssh jenkins plugin which is outdated. It seems to ship with an own openssh agent , which is of course wrong. It should always use the native one. (but I am not sure about that, maybe it invokes it wrong). Anyway, the problem is the jenkins plugin. I have the latest version of jenks. See the system_info.
          Hide
          zack Zack Snyder added a comment -

          Devin Nusbaum
          Any update here?

          Show
          zack Zack Snyder added a comment - Devin Nusbaum Any update here?
          Hide
          dnusbaum Devin Nusbaum added a comment -

          I am not really familiar with any of these plugins. Maybe something is wrong with the Trilead version detection in the ssh-slaves-plugin that is causing it to use outdated key exchange algorithms. Ivan Fernandez Calvo might be more familiar with the plugin and have an idea whether this is a bug or something that needs to be configured.

          Show
          dnusbaum Devin Nusbaum added a comment - I am not really familiar with any of these plugins. Maybe something is wrong with the Trilead version detection in the ssh-slaves-plugin that is causing it to use outdated key exchange algorithms. Ivan Fernandez Calvo might be more familiar with the plugin and have an idea whether this is a bug or something that needs to be configured.
          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          You have to enable one of these key exchange methods on your sshd_config, these are the only available

          diffie-hellman-group-exchange-sha256
          diffie-hellman-group-exchange-sha1
          diffie-hellman-group14-sha1
          diffie-hellman-group1-sha1
          

          https://github.com/jenkinsci/trilead-ssh2/blob/8ddd97a72e62f62e9eb04c873610893be1a8b053/src/com/trilead/ssh2/transport/KexManager.java#L334

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - You have to enable one of these key exchange methods on your sshd_config, these are the only available diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1 https://github.com/jenkinsci/trilead-ssh2/blob/8ddd97a72e62f62e9eb04c873610893be1a8b053/src/com/trilead/ssh2/transport/KexManager.java#L334
          Hide
          jthompson Jeff Thompson added a comment -

          It looks like there is a mismatch between the key exchange algorithms offered by the Jenkins server and those accepted on your Windows agent side. You might check which algorithms are enabled for your sshd on your Windows machine. The diffie-hellman-group-exchange-sha256 one is considered current, strong, and acceptable.

          Is this a new and different error from something that used to work? Or are you just trying to get things set up and working?

          You might try asking for configuration assistance on the Jenkins Users group. You might get better assistance there.

          Show
          jthompson Jeff Thompson added a comment - It looks like there is a mismatch between the key exchange algorithms offered by the Jenkins server and those accepted on your Windows agent side. You might check which algorithms are enabled for your sshd on your Windows machine. The diffie-hellman-group-exchange-sha256 one is considered current, strong, and acceptable. Is this a new and different error from something that used to work? Or are you just trying to get things set up and working? You might try asking for configuration assistance on the Jenkins Users group. You might get better assistance there.

            People

            • Assignee:
              ifernandezcalvo Ivan Fernandez Calvo
              Reporter:
              zack Zack Snyder
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: