Missing KexAlgorithms +diffie-hellman-group1-sha1

[liftoff-sr]

I have a Java project which uses the jsch classes. I tried your repo, but had to switch back to sschlib because it supported this:

KexAlgorithms +diffie-hellman-group1-sha1

requirement in my thousands of remote nodes running older dropbear all over the world. They are not upgradeable. I tried unsuccessfully to add support for that KexAlgorithm back into your library. So the path of least resistance was to switch back to something that works: sschlib. It is not an option to upgrade these little servers.

I can connect to these boxes fine using command line ssh on modern linux if I add the above statement to file: ~/.ssh/config.

Is there a simple trick to support this when creating the JSch class instance by modifying the config records without modifying the library source? Nothing I tried along that pathway worked after a full day of trying.

[mwiede]

I don't know, whether I got your question right.

You could use openssh config file, and you can try:

JSch jsch = new JSch();
final String configFile = System.getProperty("user.home") + File.separator + ".ssh" + File.separator + "config";
jsch.setConfigRepository(OpenSSHConfig.parseFile(new File(configFile).getAbsolutePath()));

so whatever is configured there, should be used for the session to connect.

Hardcoded would be:

Session session = Jsch.getSession(username, host)
session.setConfig("kex", "diffie-hellman-group1-sha1");

[liftoff-sr]

what I am using with success: // Add back the old diffie-hellman-group1-sh1 support for old // dropbear nodes. String kex_str = session.getConfig( "kex" ); kex_str = "diffie-hellman-group1-sha1," + kex_str; session.setConfig( "kex", kex_str );

[liftoff-sr]

On 3/24/21 1:42 PM, Matthias Wiedemann wrote: Hardcoded would be: |Session session = Jsch.getSession(username, host) session.setConfig("kex", "diffie-hellman-group1-sha1"); |

Matthias, You da man!

[liftoff-sr]

Matthias,
I am sorry to report that it is not working. I am quite confused because I thought that it was working with the "kex" override. But at this point in time it fails the negotiation at line 141 of file KeyExchange.java.

(That for loop is ugly, even when I single step it with IntelliJ it is not clear. I would have used Strings not byte array segments, and it is not commented. Strings are being created for the equals(), it would have been better to create them earlier so a debugger could see them. )

Something else got broken when the "diffie-hellman-group1-sha1" algorithm got removed from the original code, and I simply must have this working, even if I have to switch back to the sschlib AGAIN.

[mwiede]

I tested the following:

I took a very old dropbear server
docker run -p 22001:22 stafli/stafli.ssh.dropbear:dropbear2014_debian8
added a user test
docker exec -it cee9668e2954 adduser test

Trying to connect with local openssh:
ssh -o KexAlgorithms=diffie-hellman-group1-sha1 test@localhost -p 22001

it works.

now with this jsch fork:

final String kex= "diffie-hellman-group1-sha1";

final JSch ssh = new JSch();
final Session session = ssh.getSession("test", "localhost", 22001);
session.setPassword("test");
session.setConfig("StrictHostKeyChecking", "no");
session.setConfig("kex", kex);

session.connect();
System.out.println(session.isConnected());
session.disconnect();

Log:

17:14:21.293 [main] INFO  com.jcraft.jsch.JSch - Connecting to localhost port 22001
17:14:21.313 [main] INFO  com.jcraft.jsch.JSch - Connection established
17:14:21.325 [main] INFO  com.jcraft.jsch.JSch - Remote version string: SSH-2.0-dropbear_2014.65
17:14:21.326 [main] INFO  com.jcraft.jsch.JSch - Local version string: SSH-2.0-JSCH-null
17:14:21.326 [main] INFO  com.jcraft.jsch.JSch - CheckCiphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
17:14:21.418 [main] INFO  com.jcraft.jsch.JSch - chacha20-poly1305@openssh.com is not available.
17:14:21.418 [main] DEBUG com.jcraft.jsch.JSch - cipher.c2s proposal before removing unavailable algos is: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
17:14:21.418 [main] DEBUG com.jcraft.jsch.JSch - cipher.s2c proposal before removing unavailable algos is: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
17:14:21.418 [main] DEBUG com.jcraft.jsch.JSch - cipher.c2s proposal after removing unavailable algos is: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
17:14:21.418 [main] DEBUG com.jcraft.jsch.JSch - cipher.s2c proposal after removing unavailable algos is: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
17:14:21.418 [main] INFO  com.jcraft.jsch.JSch - CheckMacs: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512
17:14:21.427 [main] INFO  com.jcraft.jsch.JSch - CheckKexes: curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
17:14:22.434 [main] INFO  com.jcraft.jsch.JSch - curve25519-sha256 is not available.
17:14:22.435 [main] INFO  com.jcraft.jsch.JSch - curve25519-sha256@libssh.org is not available.
17:14:22.435 [main] INFO  com.jcraft.jsch.JSch - curve448-sha512 is not available.
17:14:22.435 [main] DEBUG com.jcraft.jsch.JSch - kex proposal before removing unavailable algos is: diffie-hellman-group1-sha1
17:14:22.436 [main] DEBUG com.jcraft.jsch.JSch - kex proposal after removing unavailable algos is: diffie-hellman-group1-sha1
17:14:22.436 [main] INFO  com.jcraft.jsch.JSch - CheckSignatures: rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-ed448
17:14:22.471 [main] INFO  com.jcraft.jsch.JSch - ssh-ed25519 is not available.
17:14:22.472 [main] INFO  com.jcraft.jsch.JSch - ssh-ed448 is not available.
17:14:22.472 [main] DEBUG com.jcraft.jsch.JSch - server_host_key proposal before removing unavailable algos is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
17:14:22.472 [main] DEBUG com.jcraft.jsch.JSch - server_host_key proposal after removing unavailable algos is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
17:14:22.472 [main] DEBUG com.jcraft.jsch.JSch - server_host_key proposal before known_host reordering is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
17:14:22.477 [main] DEBUG com.jcraft.jsch.JSch - server_host_key proposal after known_host reordering is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
17:14:22.478 [main] INFO  com.jcraft.jsch.JSch - SSH_MSG_KEXINIT sent
17:14:22.478 [main] INFO  com.jcraft.jsch.JSch - SSH_MSG_KEXINIT received
17:14:22.478 [main] INFO  com.jcraft.jsch.JSch - kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au
17:14:22.478 [main] INFO  com.jcraft.jsch.JSch - kex: server: ssh-rsa
17:14:22.478 [main] INFO  com.jcraft.jsch.JSch - kex: server: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
17:14:22.478 [main] INFO  com.jcraft.jsch.JSch - kex: server: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
17:14:22.478 [main] INFO  com.jcraft.jsch.JSch - kex: server: hmac-sha1-96,hmac-sha1,hmac-md5
17:14:22.478 [main] INFO  com.jcraft.jsch.JSch - kex: server: hmac-sha1-96,hmac-sha1,hmac-md5
17:14:22.478 [main] INFO  com.jcraft.jsch.JSch - kex: server: zlib,zlib@openssh.com,none
17:14:22.478 [main] INFO  com.jcraft.jsch.JSch - kex: server: zlib,zlib@openssh.com,none
17:14:22.478 [main] INFO  com.jcraft.jsch.JSch - kex: server: 
17:14:22.479 [main] INFO  com.jcraft.jsch.JSch - kex: server: 
17:14:22.479 [main] INFO  com.jcraft.jsch.JSch - kex: client: diffie-hellman-group1-sha1
17:14:22.481 [main] INFO  com.jcraft.jsch.JSch - kex: client: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
17:14:22.482 [main] INFO  com.jcraft.jsch.JSch - kex: client: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
17:14:22.483 [main] INFO  com.jcraft.jsch.JSch - kex: client: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
17:14:22.483 [main] INFO  com.jcraft.jsch.JSch - kex: client: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
17:14:22.483 [main] INFO  com.jcraft.jsch.JSch - kex: client: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
17:14:22.483 [main] INFO  com.jcraft.jsch.JSch - kex: client: none
17:14:22.483 [main] INFO  com.jcraft.jsch.JSch - kex: client: none
17:14:22.483 [main] INFO  com.jcraft.jsch.JSch - kex: client: 
17:14:22.483 [main] INFO  com.jcraft.jsch.JSch - kex: client: 
17:14:22.483 [main] INFO  com.jcraft.jsch.JSch - kex: algorithm: diffie-hellman-group1-sha1
17:14:22.483 [main] INFO  com.jcraft.jsch.JSch - kex: host key algorithm: ssh-rsa
17:14:22.484 [main] INFO  com.jcraft.jsch.JSch - kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
17:14:22.484 [main] INFO  com.jcraft.jsch.JSch - kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
17:14:22.487 [main] INFO  com.jcraft.jsch.JSch - SSH_MSG_KEXDH_INIT sent
17:14:22.488 [main] INFO  com.jcraft.jsch.JSch - expecting SSH_MSG_KEXDH_REPLY
17:14:22.652 [main] INFO  com.jcraft.jsch.JSch - ssh_rsa_verify: ssh-rsa signature true
17:14:22.654 [main] WARN  com.jcraft.jsch.JSch - Permanently added 'localhost' (RSA) to the list of known hosts.
17:14:22.654 [main] INFO  com.jcraft.jsch.JSch - SSH_MSG_NEWKEYS sent
17:14:22.655 [main] INFO  com.jcraft.jsch.JSch - SSH_MSG_NEWKEYS received
17:14:22.658 [main] INFO  com.jcraft.jsch.JSch - SSH_MSG_SERVICE_REQUEST sent
17:14:22.664 [main] INFO  com.jcraft.jsch.JSch - SSH_MSG_SERVICE_ACCEPT received
17:14:22.674 [main] INFO  com.jcraft.jsch.JSch - Authentications that can continue: publickey,keyboard-interactive,password
17:14:22.674 [main] INFO  com.jcraft.jsch.JSch - Next authentication method: publickey
17:14:22.676 [main] INFO  com.jcraft.jsch.JSch - Authentications that can continue: password
17:14:22.676 [main] INFO  com.jcraft.jsch.JSch - Next authentication method: password
17:14:22.685 [main] INFO  com.jcraft.jsch.JSch - Authentication succeeded (password).
true
17:14:22.686 [main] INFO  com.jcraft.jsch.JSch - Disconnecting from localhost port 22001

With more recent versions of dropbear it does not work, it only supports diffie-hellman-group14-sha1 instead of diffie-hellman-group1-sha1

[liftoff-sr]

Thank you Matthias for that time.
With the same client code, I must be able to support both dropbear version 0.51 and then a stock debian bullseye open-ssh server. These are the only two servers I need to support with this specialized client Java application. I had already tried code similar to your recent successful test against 0.51 dropbear, and it was failing at the line number that I had indicated, often with i = 2.

[norrisjeremy]

Would you be able to capture internal logging output from JSch?

[mwiede]

I debugged a connection to dropbear 0.50
the loop with i=2 and i=3 is looking for a matching cipher algorith.
dropbear 0.50 is offering
aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc
and jsch gives
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com, which are similar to the openssh default ones.

So it cannot find a matching one.

What you can do is, allowing aes128-cbc by config: either put Ciphers aes128-cbc to your .ssh/config
or put

session.setConfig("cipher.c2s","aes128-cbc");
session.setConfig("cipher.s2c","aes128-cbc");

into your code.

I agree that the original code is hard to handle and the error is not leading to the error detail.

[liftoff-sr]

Thanks Matthias. Question: since I have to simultaneously support ssh connections to both drop bear 0.5 and modern open-ssh-server on debian bulls-eye, and do so without knowing in advance what type of box it is, I need something which is additive to the configuration, not a replacement of the configuration. Otherwise I might end up being able to talk to only dropbear 0.50 and not also open-ssh-server. Can this preparation be done additively some how?

session.setConfig("cipher.c2s","aes128-cbc");
session.setConfig("cipher.s2c","aes128-cbc");

[liftoff-sr]

"I agree that the original code is hard to handle and the error is not leading to the error detail."

Yes, it is a total mess. This is not performance critical code, since it only executes once in a session. I would: a) use strings not byte array segments, and b) separate each match goal into its own loop, so it is clear what the goal is in any match loop, with comments. I used StringTokenizer to separate on commas, but then learned that for back to back commas or back to back string separators in general, StringTokenizer does not return a blank string. It eats back to back separators, so this has to be scrutinized anew.

[mwiede]

Thanks Matthias. Question: since I have to simultaneously support ssh connections to both drop bear 0.5 and modern open-ssh-server on debian bulls-eye, and do so without knowing in advance what type of box it is, I need something which is additive to the configuration, not a replacement of the configuration. Otherwise I might end up being able to talk to only dropbear 0.50 and not also open-ssh-server. Can this preparation be done additively some how?

session.setConfig("cipher.c2s","aes128-cbc");
session.setConfig("cipher.s2c","aes128-cbc");

What about

session.setConfig("cipher.c2s", session.getConfig("cipher.c2s") + ",aes128-cbc");
session.setConfig("cipher.s2c", session.getConfig("cipher.s2c") + ",aes128-cbc");

[liftoff-sr]

session.setConfig("cipher.c2s","aes128-cbc"); session.setConfig("cipher.s2c","aes128-cbc");

That should work. Thank you very much Matthias. I will try this in the next several days. Dick

[liftoff-sr]

session.setConfig("cipher.c2s", session.getConfig("cipher.c2s") + ",aes128-cbc");
session.setConfig("cipher.s2c", session.getConfig("cipher.s2c") + ",aes128-cbc");

I tried it and it works. So I plan on distributing with your library.
Thanks again.

I hope some movement can be made on adding support for IPv6 in the next year?

Dick

[mwiede]

Closing issue as problem can be solved by configuration.

[iss96]

I am getting the below error while connecting to other server using JSch,
I used the below version in pom file

com.github.mwiede jsch 0.1.58

This Jenkins job started failing all of sudden due to the below error,
Please help...
Thanks in advance
Satya

----------Error------------------
java.lang.ClassNotFoundException: DiffieHellman
01:22:20 at org.codehaus.mojo.exec.URLClassLoaderBuilder$ExecJavaClassLoader.loadClass(URLClassLoaderBuilder.java:198)
01:22:20 at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
01:22:20 at java.lang.Class.forName0(Native Method)
01:22:20 at java.lang.Class.forName(Class.java:264)
01:22:20 at javax.crypto.Support.getImplementation(Support.java:77)
01:22:20 at javax.crypto.Support.getImplementation(Support.java:32)
01:22:20 at javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:50)
01:22:20 at com.jcraft.jsch.jce.DH.init(DH.java:51)
01:22:20 at com.jcraft.jsch.DHG14.init(DHG14.java:111)
01:22:20 at com.jcraft.jsch.Session.checkKex(Session.java:2542)
01:22:20 at com.jcraft.jsch.Session.checkKexes(Session.java:2519)
01:22:20 at com.jcraft.jsch.Session.send_kexinit(Session.java:634)
01:22:20 at com.jcraft.jsch.Session.connect(Session.java:307)
01:22:20 at com.jcraft.jsch.Session.connect(Session.java:183)
01:22:20 at com.rsa.sid.agents.core.remote.SSHUtils.connect(SSHUtils.java:91)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.getAMClientProperties(AMRemoteJarUtil.java:88)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.updateConfig(AMRemoteJarUtil.java:77)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.main(AMRemoteJarUtil.java:73)
01:22:20 at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:279)
01:22:20 at java.lang.Thread.run(Thread.java:748)
01:22:20 java.lang.ClassNotFoundException: ECDH
01:22:20 at org.codehaus.mojo.exec.URLClassLoaderBuilder$ExecJavaClassLoader.loadClass(URLClassLoaderBuilder.java:198)
01:22:20 at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
01:22:20 at java.lang.Class.forName0(Native Method)
01:22:20 at java.lang.Class.forName(Class.java:264)
01:22:20 at javax.crypto.Support.getImplementation(Support.java:77)
01:22:20 at javax.crypto.Support.getImplementation(Support.java:32)
01:22:20 at javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:50)
01:22:20 at com.jcraft.jsch.jce.ECDHN.init(ECDHN.java:44)
01:22:20 at com.jcraft.jsch.DHECN.init(DHECN.java:81)
01:22:20 at com.jcraft.jsch.Session.checkKex(Session.java:2542)
01:22:20 at com.jcraft.jsch.Session.checkKexes(Session.java:2519)
01:22:20 at com.jcraft.jsch.Session.send_kexinit(Session.java:634)
01:22:20 at com.jcraft.jsch.Session.connect(Session.java:307)
01:22:20 at com.jcraft.jsch.Session.connect(Session.java:183)
01:22:20 at com.rsa.sid.agents.core.remote.SSHUtils.connect(SSHUtils.java:91)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.getAMClientProperties(AMRemoteJarUtil.java:88)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.updateConfig(AMRemoteJarUtil.java:77)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.main(AMRemoteJarUtil.java:73)
01:22:20 at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:279)
01:22:20 at java.lang.Thread.run(Thread.java:748)
01:22:20 java.lang.ClassNotFoundException: ECDH
01:22:20 at org.codehaus.mojo.exec.URLClassLoaderBuilder$ExecJavaClassLoader.loadClass(URLClassLoaderBuilder.java:198)
01:22:20 at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
01:22:20 at java.lang.Class.forName0(Native Method)
01:22:20 at java.lang.Class.forName(Class.java:264)
01:22:20 at javax.crypto.Support.getImplementation(Support.java:77)
01:22:20 at javax.crypto.Support.getImplementation(Support.java:32)
01:22:20 at javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:50)
01:22:20 at com.jcraft.jsch.jce.ECDHN.init(ECDHN.java:44)
01:22:20 at com.jcraft.jsch.DHECN.init(DHECN.java:81)
01:22:20 at com.jcraft.jsch.Session.checkKex(Session.java:2542)
01:22:20 at com.jcraft.jsch.Session.checkKexes(Session.java:2519)
01:22:20 at com.jcraft.jsch.Session.send_kexinit(Session.java:634)
01:22:20 at com.jcraft.jsch.Session.connect(Session.java:307)
01:22:20 at com.jcraft.jsch.Session.connect(Session.java:183)
01:22:20 at com.rsa.sid.agents.core.remote.SSHUtils.connect(SSHUtils.java:91)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.getAMClientProperties(AMRemoteJarUtil.java:88)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.updateConfig(AMRemoteJarUtil.java:77)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.main(AMRemoteJarUtil.java:73)
01:22:20 at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:279)
01:22:20 at java.lang.Thread.run(Thread.java:748)
01:22:20 java.lang.ClassNotFoundException: ECDH
01:22:20 at org.codehaus.mojo.exec.URLClassLoaderBuilder$ExecJavaClassLoader.loadClass(URLClassLoaderBuilder.java:198)
01:22:20 at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
01:22:20 at java.lang.Class.forName0(Native Method)
01:22:20 at java.lang.Class.forName(Class.java:264)
01:22:20 at javax.crypto.Support.getImplementation(Support.java:77)
01:22:20 at javax.crypto.Support.getImplementation(Support.java:32)
01:22:20 at javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:50)
01:22:20 at com.jcraft.jsch.jce.ECDHN.init(ECDHN.java:44)
01:22:20 at com.jcraft.jsch.DHECN.init(DHECN.java:81)
01:22:20 at com.jcraft.jsch.Session.checkKex(Session.java:2542)
01:22:20 at com.jcraft.jsch.Session.checkKexes(Session.java:2519)
01:22:20 at com.jcraft.jsch.Session.send_kexinit(Session.java:634)
01:22:20 at com.jcraft.jsch.Session.connect(Session.java:307)
01:22:20 at com.jcraft.jsch.Session.connect(Session.java:183)
01:22:20 at com.rsa.sid.agents.core.remote.SSHUtils.connect(SSHUtils.java:91)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.getAMClientProperties(AMRemoteJarUtil.java:88)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.updateConfig(AMRemoteJarUtil.java:77)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.main(AMRemoteJarUtil.java:73)
01:22:20 at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:279)
01:22:20 at java.lang.Thread.run(Thread.java:748)
01:22:20 Caught and rethrew exception com.jcraft.jsch.JSchException. Failed attempt to SSH to 172.XX.XX.93 using username bobuser password mypass123$ port 22
01:22:20 [WARNING]
01:22:20 com.jcraft.jsch.JSchException: Algorithm negotiation fail
01:22:20 at com.jcraft.jsch.Session.receive_kexinit (Session.java:590)
01:22:20 at com.jcraft.jsch.Session.connect (Session.java:320)
01:22:20 at com.jcraft.jsch.Session.connect (Session.java:183)
01:22:20 at com.rsa.sid.agents.core.remote.SSHUtils.connect (SSHUtils.java:91)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.getAMClientProperties (AMRemoteJarUtil.java:88)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.updateConfig (AMRemoteJarUtil.java:77)
01:22:20 at com.rsa.sid.agents.pam.AMRemoteJarUtil.main (AMRemoteJarUtil.java:73)
01:22:20 at org.codehaus.mojo.exec.ExecJavaMojo$1.run (ExecJavaMojo.java:279)
01:22:20 at java.lang.Thread.run (Thread.java:748)