paramiko Incompatible ssh peer (no acceptable kex algorithm)
Solution 1
I was having similar issue with Debian 8 and OpenSSH on the server side.
As a quick fix, the following Cipher/MACs/KexAlgorithms settings on the server side fixes the issue:
In /etc/ssh/sshd_config:
Ciphers [email protected],[email protected],aes256-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
Though... you should analyze those settings from the security point of view. I set it in lab env, so didn't take care about it.
Also not sure if you can modify it in this way for Cisco ACS
Solution 2
I upgraded the paramiko to fix the problem:
sudo pip install paramiko --upgrade
My updated version of paramiko is:
paramiko==2.0.2
Solution 3
I was getting the following error when trying to ssh to an Aruba device using paramiko:
paramiko.ssh_exception.SSHException: Incompatible ssh peer (no acceptable kex algorithm)
Doing a paramiko upgrade resolved this issue:
sudo pip install paramiko --upgrade
Solution 4
In case anyone else is still having this issue even after upgrading using pip install paramiko --upgrade
, be sure you don't have paramiko installed system wide, because it will be loaded before the pip ones, you can check it with dpkg -l | grep paramiko
, if it's installed remove it and install through pip.
Solution 5
For me, I upgraded the version of paramiko and it resolved things. Specifically, I originally installed paramiko via the Ubuntu 14.04 python-paramiko package and replaced it with the latest using pip (1.10 -> 1.16).
Related videos on Youtube
Tony
Updated on July 09, 2022Comments
-
Tony almost 2 years
I'm getting the following error when trying to ssh to a Cisco ACS device using the paramiko library. I've used paramiko in python without issue, and I can ssh to this box from the command line, or using putty without issue. I've turned on debugging and copied the info here. Please let me know if you can help me out.
import paramiko import sys import socket try: paramiko.common.logging.basicConfig(level=paramiko.common.DEBUG) sshConnection = paramiko.SSHClient() sshConnection.set_missing_host_key_policy(paramiko.AutoAddPolicy()) sshConnection.connect('server',username='username',password='password') except paramiko.BadAuthenticationType: sys.stdout.write('Bad Password!\n') sys.exit() except paramiko.SSHException, sshFail: sys.stdout.write('Connection Failed!\n') sys.stdout.write('%s\n' % sshFail) sys.exit() except socket.error, socketFail: sys.stdout.write('Failed to open socket\n') sys.stdout.write('%s\n' % socketFail) sys.exit()
and the debug output returned:
DEBUG:paramiko.transport:starting thread (client mode): 0x14511d0L INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.3) DEBUG:paramiko.transport:kex algos:['diffie-hellman-group14-sha1'] server key:['ssh-rsa'] client encrypt:['aes256-cbc', 'aes128-cbc', '3des-cbc'] server encrypt:['aes256-cbc', 'aes128-cbc', '3des-cbc'] client mac:['hmac-sha1'] server mac:['hmac-sha1'] client compress:['none', '[email protected]'] server compress:['none', '[email protected]'] client lang:[''] server lang:[''] kex follows?False ERROR:paramiko.transport:Exception: Incompatible ssh peer (no acceptable kex algorithm) ERROR:paramiko.transport:Traceback (most recent call last): ERROR:paramiko.transport: File "build\bdist.win32\egg\paramiko\transport.py", line 1546, in run ERROR:paramiko.transport: self._handler_table[ptype](self, m) ERROR:paramiko.transport: File "build\bdist.win32\egg\paramiko\transport.py", line 1618, in _negotiate_keys ERROR:paramiko.transport: self._parse_kex_init(m) ERROR:paramiko.transport: File "build\bdist.win32\egg\paramiko\transport.py", line 1731, in _parse_kex_init ERROR:paramiko.transport: raise SSHException('Incompatible ssh peer (no acceptable kex algorithm)') ERROR:paramiko.transport:SSHException: Incompatible ssh peer (no acceptable kex algorithm) ERROR:paramiko.transport: Connection Failed! Incompatible ssh peer (no acceptable kex algorithm)
I've made sure I have the most recent versions of pycrypto and paramiko installed.
-
BizNuge over 9 yearsWho were you DenverCoder9... What did you see?!
-
Justin over 9 yearsFor me,
sudo easy_install paramiko
fixed the problem. The key exchange (kex) algorithm might be an sshd setting you can change? -
Peter Grace over 8 years@BizNuge if you are still having this issue, check the answer below from wisnia which fixed it for me. I edited the post to make it easier to cut-and-paste.
-
Samuel over 8 yearsLooks like an old paramiko bug. Its waiting for merge github.com/paramiko/paramiko/pull/356
-
-
Peter Grace over 8 yearswisnia, thank you for this -- even after upgrading paramiko I had the same issue, but using your settings (which appear to be secure enough to use) solved my issue.
-
Daan over 7 yearsCan you explain what you are doing here exactly?
-
Sandeep Singhal almost 7 yearsThe minimum addition to /etc/ssh/sshd_config that will be required is : "KexAlgorithms diffie-hellman-group-exchange-sha1". I really used the list above and started stripping. The algorithm however is not the safest from security perspective as mentioned in the original post.
-
Toandd almost 7 yearsThank bros! this solution can be applied for both ubuntu, centos, and fedora. I took all day for this
-
jdhildeb over 6 yearsThis failed when I tried. Needed some dependencies to successfully build paramiko's dependencies. After all that I still couldn't connect - I believe the current version of paramiko is too new for my system (Ubuntu 14.04) and is not compatible. In the end, I ran
sudo pip install paramiko == 1.16
and this worked. -
Caumons over 5 years@jdhildeb Thanks, that helped, but I also had to uninstall the
python-paramiko
package system package in order to runsudo pip install paramiko==1.16