Unable to exchange encryption keys

Question

I'm facing a hard problem at the moment and I didn't find anything online that can help me.

I want to connect from my server to another one through SSH in order to send instructions (the second server manage Wi-Fi authorizations).

As much as I can say, I think the problem occurred because we updated one server. (I'm not really sure if the problem has appeared because of it).

I'm from a Windows Server and I want to call a Linux one.

Here is the script :

function executeCommand($command) {
    $infoConnection = getInfoConnection();

    $out = '';
    //The Warning occurs here, impossible to go further
    $connection = ssh2_connect($infoConnection["hostname"], 22);

    if ($connection === false) {
        $error = error_get_last();
        throw new Exception("
        Error Type : ".$error["type"]."<br/>
        Message : ".$error["message"]."<br/>
        File : ".$error["file"]."<br/>
        Line : ".$error["line"]."<br/>");
    }

    ssh2_auth_password($connection, $infoConnection["username"], $infoConnection["password"]);

    $stdio_stream = ssh2_shell($connection);
    sleep(2);
    fwrite($stdio_stream,$infoConnection["username"]."\n");
    sleep(1);
    fwrite($stdio_stream,$infoConnection["password"]."\n");
    sleep(1);

    fwrite($stdio_stream, $command."\n");
    sleep(1);
    while($buffer = fgets($stdio_stream)) {

        $out .= $buffer;
    }
    fwrite($stdio_stream, 'exit');
    unset($connection);

    return $out;
}

Here is the warning :

Warning: ssh2_connect() [function.ssh2-connect]: Error starting up SSH connection(-5): Unable to exchange encryption keys in ../aff_wifi.php on line 203

The line 203 is this one :

$connection = ssh2_connect($infoConnection["hostname"], 22);

When I "catch" the warning, I have this :

Error type : 2 Message : ssh2_connect() [function.ssh2-connect]: Unable to connect to ipAdress File: ..\aff_wifi.php Line: 203

Do you have any idea why this occurs? When I try to connect from my server to the other with PuTTY, everything works fine

Have a good day!

Answer 1

I had this problem when trying to access a focal ubuntu server from a little old xenial through ssh2_connect. The solution was to update libssh2-1. Even with php showing the old version, it worked normally.

In the xenial, I added the focal repository, then installed the latest version of libssh2-1, restarted PHP to apply and removed focal repository.

sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ focal main restricted universe multiverse"
sudo apt-get update
sudo apt -y install libssh2-1
sudo add-apt-repository -r "deb http://archive.ubuntu.com/ubuntu/ focal main restricted universe multiverse"
sudo apt-get update

Answer 2

Warning: ssh2_connect() [function.ssh2-connect]: Error starting up SSH connection(-5): Unable to exchange encryption keys in ../aff_wifi.php on line 203

libssh2 0.x only supports Diffie-Hellman SHA1 based key exchange. OpenSSH has disabled DH SHA1 by default. That leaves libssh2 0.x high and dry.

Option 1: Update libssh2

libssh2 1.7 and up supports DH SHA256 and ECDH key exchange. These will work with the latest OpenSSH. 1.x releases require PHP 7.

Option 2: use phpseclib

If you're stuck on PHP 5 then libssh2 isn't usable. The highest version available for PHP5 is libssh2 0.13 which still only supports the SHA1 key exchanges. An alternate library that worked for me was phpseclib. That supports diffie-hellman-group-exchange-sha256 and I was able to connect to updated OpenSSH servers.