NIOSSHError.keyExchangeNegotiationFailure

[kin-7777777]

Hello, I am trying to SSH to a HPC server using this library, but trying to authenticate when connecting always gives me the above error. I have tried both password authentication and p521 key authentication to no avail.

Since I have been able to successfully use SwiftNIO SSH to execute a test command on another known server, I am sure my code runs correctly (it is also adapted from the NIOSSHClient example code from this repository). I am also able to SSH with a regular computer to the HPC server.

Running ssh -Q key on the HPC server gives the following:

ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com

which is exactly the same as on the test server I have been able to connect to, and includes ed25519. Any ideas what the problem could be?

[Lukasa]

Can you run ssh -Q kex please?

[kin-7777777]

Hi Luka, running ssh -Q kex gives the following on the server I am not able to connect to:

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
gss-gex-sha1-
gss-group1-sha1-
gss-group14-sha1-

[Lukasa]

Ok, we should be able to key exchange with this server. Can you use tcpdump or Wireshark to capture the connection attempt?

[kin-7777777]

Hi Luka,

Here is the printout from tcpdump.

14:00:26.901954 IP [client].22465 > [hpc server].ssh: Flags [S], seq 847080055, win 29200, options [mss 1380,sackOK,TS val 3035437369 ecr 0,nop,wscale 7], length 0
14:00:26.901991 IP [hpc server].ssh > [client].22465: Flags [S.], seq 378646938, ack 847080056, win 28960, options [mss 1460,sackOK,TS val 3031283593 ecr 3035437369,nop,wscale 7], length 0
14:00:26.903789 IP [client].22465 > [hpc server].ssh: Flags [.], ack 1, win 229, options [nop,nop,TS val 3035437372 ecr 3031283593], length 0
14:00:26.914661 IP [hpc server].ssh > [client].22465: Flags [P.], seq 1:22, ack 1, win 227, options [nop,nop,TS val 3031283606 ecr 3035437372], length 21
14:00:26.916305 IP [client].22465 > [hpc server].ssh: Flags [P.], seq 1:26, ack 1, win 229, options [nop,nop,TS val 3035437384 ecr 3031283593], length 25
14:00:26.916317 IP [client].22465 > [hpc server].ssh: Flags [.], ack 22, win 229, options [nop,nop,TS val 3035437384 ecr 3031283606], length 0
14:00:26.916369 IP [hpc server].ssh > [client].22465: Flags [.], ack 26, win 227, options [nop,nop,TS val 3031283608 ecr 3035437384], length 0
14:00:26.918580 IP [hpc server].ssh > [client].22465: Flags [P.], seq 22:558, ack 26, win 227, options [nop,nop,TS val 3031283610 ecr 3035437384], length 536
14:00:26.919926 IP [client].22465 > [hpc server].ssh: Flags [.], ack 558, win 237, options [nop,nop,TS val 3035437388 ecr 3031283610], length 0
14:00:26.929763 IP [client].22465 > [hpc server].ssh: Flags [P.], seq 26:402, ack 558, win 237, options [nop,nop,TS val 3035437397 ecr 3031283610], length 376
14:00:26.931177 IP [hpc server].ssh > [client].22465: Flags [F.], seq 558, ack 402, win 235, options [nop,nop,TS val 3031283622 ecr 3035437397], length 0
14:00:26.942163 IP [client].22465 > [hpc server].ssh: Flags [F.], seq 402, ack 559, win 237, options [nop,nop,TS val 3035437410 ecr 3031283622], length 0
14:00:26.942178 IP [hpc server].ssh > [client].22465: Flags [.], ack 403, win 235, options [nop,nop,TS val 3031283633 ecr 3035437410], length 0