Algorithm negotiation fail with 0.1.63

[xiahaohai123]

I got com.jcraft.jsch.JSchException: Algorithm negotiation fail when I connect to a server which only support ssh-dss and ssh-rsa.
This problem doesn't happen with 0.1.57.
Are these algorithm no longer supported?

[mwiede]

I think you are running into the same problem like others in i.e. in #40 or #45 , because the default configuration was changed. There are existing discussions in #59 and an open PR #61 so I do not think it's a new issue.
For the moment, you have to overwrite the configuration to keep old algorithms working.

[xiahaohai123]

Thanks for reply.
It works when I use session.setConfig("server_host_key") to enable ssh-dss.
However, why I can't connect to the server which only support ssh-rsa?
I used 'session.getConfig("server_host_key")' and output the config. It contains "ssh-rsa".

[xiahaohai123]

It's other problem.
Anyway,Thanks for reply.your proposal works.
I'll close the issue :).

[norrisjeremy]

Hi @xiahaohai123,

I suspect the issue you are encountering with ssh-rsa is similar to the issues as commented in #45 (comment) & #47 (comment).

What is probably occurring is that JSch is first attempting rsa-sha2-512 & rsa-sha2-256, which are both rejected by your server (because it doesn't support them). And then your server closes the SSH session before JSch can attempt ssh-rsa based authentication (because the connection has hit the server's MaxAuthTries limit).

I suspect that if you tried this in your application, the connection would succeed using ssh-rsa:

JSch.setConfig("PubkeyAcceptedKeyTypes", "ssh-rsa," + JSch.getConfig("PubkeyAcceptedKeyTypes"));

This will move ssh-rsa to the head of the list, making it the first signature algorithm that is attempted by JSch for authentication (before it attempts rsa-sha2-512 & rsa-sha2-256).

Thanks,
Jeremy