 

Algorithm negotiation fail SSH in Jenkins

I'm trying to ssh from Jenkins to a local server but the following error is thrown:

[SSH] Exception:Algorithm negotiation fail
com.jcraft.jsch.JSchException: Algorithm negotiation fail
    at com.jcraft.jsch.Session.receive_kexinit(Session.java:520)
    at com.jcraft.jsch.Session.connect(Session.java:286)
    at com.jcraft.jsch.Session.connect(Session.java:150)
    at org.jvnet.hudson.plugins.SSHSite.createSession(SSHSite.java:141)
    at org.jvnet.hudson.plugins.SSHSite.executeCommand(SSHSite.java:151)
    at org.jvnet.hudson.plugins.SSHBuildWrapper.executePreBuildScript(SSHBuildWrapper.java:75)
    at org.jvnet.hudson.plugins.SSHBuildWrapper.setUp(SSHBuildWrapper.java:59)
    at hudson.model.Build$BuildExecution.doRun(Build.java:154)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:533)
    at hudson.model.Run.execute(Run.java:1754)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:89)
    at hudson.model.Executor.run(Executor.java:240)
Finished: FAILURE

Installed version of Java on SSH server:

java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)

Installed version of java on client:

java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)

Also tried this solution: JSchException: Algorithm negotiation fail, but it's not working. From PuTTY everything seems to be ok. The connection is established, but when I trigger the Jenkins job the error is thrown. Should I try another version of ssh server? Now I'm using copssh.

sarbo asked Oct 17 '14 12:10




1 Answer

TL;DR edit your sshd_config and enable support for diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1 in KexAlgorithms:

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

I suspect that the problem appeared after the following change in OpenSSH 6.7: "The default set of ciphers and MACs has been altered to remove unsafe algorithms." (see changelog). This version was released on Oct, 6, and made it on Oct, 21 to Debian testing (see Debian changelog).

OpenSSH enables only the following key exchange algorithms by default:

  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group14-sha1

Whereas JSch claims to support these algorithms (see under "features") for key exchange:

  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group1-sha1

So indeed, they cannot agree on a common key exchange algorithm. Updating sshd_config (and restarting the SSH server) does the trick. Apparently JSch is supposed to support the "diffie-hellman-group-exchange-sha256" method since version 0.1.50 (see changelog).

Matthieu Wipliez answered Oct 14 '22 13:10
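
The negotiation failure described in the answer above, as an added example that is not part of the original answer or of JSch or OpenSSH: it builds constructed SSH_MSG_KEXINIT payloads (RFC 4253, section 7.1) from the algorithm lists in the answer and applies the rule that the first algorithm on the client's list that the server also lists is chosen. The order of the JSch entries, the all-zero cookie and all helper names are assumptions.

```python
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253, section 7.1

def build_kexinit(kex_algorithms):
    """Constructed KEXINIT payload; only the kex_algorithms name-list is filled."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    lists = [kex_algorithms] + [[]] * 9          # KEXINIT carries 10 name-lists
    return (bytes([SSH_MSG_KEXINIT]) + bytes(16)  # type byte + all-zero sample cookie
            + b"".join(name_list(l) for l in lists)
            + b"\x00" + struct.pack(">I", 0))     # first_kex_packet_follows, reserved

def parse_kex_algorithms(payload):
    """Return the first name-list (kex_algorithms) of a KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)  # after type byte + 16-byte cookie
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated kex_algorithms name-list")
    return raw.decode("ascii").split(",") if raw else []

def negotiate(client_kexinit, server_kexinit):
    """First algorithm on the client's list that the server also lists, else None.
    Simplification: RFC 4253's extra host-key capability conditions are ignored."""
    server = set(parse_kex_algorithms(server_kexinit))
    return next((a for a in parse_kex_algorithms(client_kexinit) if a in server), None)

# Lists from the answer above; the order of the JSch entries is an assumption.
OPENSSH_DEFAULT = ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
                   "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
                   "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1"]
JSCH_OLD = ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"]
SERVER_EDITED = OPENSSH_DEFAULT + JSCH_OLD       # the edited KexAlgorithms line
JSCH_SHA256 = ["diffie-hellman-group-exchange-sha256"] + JSCH_OLD  # JSch with sha256 KEX

def scenario(client, server):
    """Negotiate between two sides given their kex_algorithms lists."""
    return negotiate(build_kexinit(client), build_kexinit(server))

if __name__ == "__main__":
    print("default sshd, old JSch   :", scenario(JSCH_OLD, OPENSSH_DEFAULT))
    print("edited sshd, old JSch    :", scenario(JSCH_OLD, SERVER_EDITED))
    print("default sshd, sha256 JSch:", scenario(JSCH_SHA256, OPENSSH_DEFAULT))
```

A result of `None` corresponds to the "Algorithm negotiation fail" exception raised in `receive_kexinit`; the third case shows a client that offers diffie-hellman-group-exchange-sha256 agreeing with the unmodified server list.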