paramiko Incompatible ssh peer (no acceptable kex algorithm)

python ssh paramiko cisco
47,680

Solution 1

I was having similar issue with Debian 8 and OpenSSH on the server side.

As a quick fix, the following Cipher/MACs/KexAlgorithms settings on the server side fixes the issue:

In /etc/ssh/sshd_config:

Ciphers [email protected],[email protected],aes256-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

Though... you should analyze those settings from the security point of view. I set it in lab env, so didn't take care about it.

Also not sure if you can modify it in this way for Cisco ACS

Solution 2

I upgraded the paramiko to fix the problem:

 sudo pip install paramiko --upgrade

My updated version of paramiko is:

paramiko==2.0.2

Solution 3

I was getting the following error when trying to ssh to an Aruba device using paramiko:

paramiko.ssh_exception.SSHException: Incompatible ssh peer (no acceptable kex algorithm)

Doing a paramiko upgrade resolved this issue: 

sudo pip install paramiko --upgrade

Solution 4

In case anyone else is still having this issue even after upgrading using pip install paramiko --upgrade , be sure you don't have paramiko installed system wide, because it will be loaded before the pip ones, you can check it with dpkg -l | grep paramiko, if it's installed remove it and install through pip.

Solution 5

For me, I upgraded the version of paramiko and it resolved things. Specifically, I originally installed paramiko via the Ubuntu 14.04 python-paramiko package and replaced it with the latest using pip (1.10 -> 1.16).

Share:
47,680

Related videos on Youtube

Tony
Author by

Tony

Updated on July 09, 2022

Comments

  • Tony
    Tony almost 2 years

    I'm getting the following error when trying to ssh to a Cisco ACS device using the paramiko library. I've used paramiko in python without issue, and I can ssh to this box from the command line, or using putty without issue. I've turned on debugging and copied the info here. Please let me know if you can help me out.

    import paramiko
import sys
import socket

try:
    paramiko.common.logging.basicConfig(level=paramiko.common.DEBUG)
    sshConnection = paramiko.SSHClient()
    sshConnection.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    sshConnection.connect('server',username='username',password='password')
except paramiko.BadAuthenticationType:
    sys.stdout.write('Bad Password!\n')     
    sys.exit()
except paramiko.SSHException, sshFail:
    sys.stdout.write('Connection Failed!\n')
    sys.stdout.write('%s\n' % sshFail)
    sys.exit()
except socket.error, socketFail:
    sys.stdout.write('Failed to open socket\n')
    sys.stdout.write('%s\n' % socketFail)
    sys.exit()

    and the debug output returned:

    DEBUG:paramiko.transport:starting thread (client mode): 0x14511d0L
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.3)
DEBUG:paramiko.transport:kex algos:['diffie-hellman-group14-sha1'] server key:['ssh-rsa'] client encrypt:['aes256-cbc', 'aes128-cbc', '3des-cbc'] server encrypt:['aes256-cbc', 'aes128-cbc', '3des-cbc'] client mac:['hmac-sha1'] server mac:['hmac-sha1'] client compress:['none', '[email protected]'] server compress:['none', '[email protected]'] client lang:[''] server lang:[''] kex follows?False
ERROR:paramiko.transport:Exception: Incompatible ssh peer (no acceptable kex algorithm)
ERROR:paramiko.transport:Traceback (most recent call last):
ERROR:paramiko.transport:  File "build\bdist.win32\egg\paramiko\transport.py", line 1546, in run
ERROR:paramiko.transport:    self._handler_table[ptype](self, m)
ERROR:paramiko.transport:  File "build\bdist.win32\egg\paramiko\transport.py", line 1618, in _negotiate_keys
ERROR:paramiko.transport:    self._parse_kex_init(m)
ERROR:paramiko.transport:  File "build\bdist.win32\egg\paramiko\transport.py", line 1731, in _parse_kex_init
ERROR:paramiko.transport:    raise SSHException('Incompatible ssh peer (no acceptable kex algorithm)')
ERROR:paramiko.transport:SSHException: Incompatible ssh peer (no acceptable kex algorithm)
ERROR:paramiko.transport:
Connection Failed!
Incompatible ssh peer (no acceptable kex algorithm)

    I've made sure I have the most recent versions of pycrypto and paramiko installed.

    • BizNuge
      BizNuge over 9 years
      Who were you DenverCoder9... What did you see?!
    • Justin
      Justin over 9 years
      For me, sudo easy_install paramiko fixed the problem. The key exchange (kex) algorithm might be an sshd setting you can change?
    • Peter Grace
      Peter Grace over 8 years
      @BizNuge if you are still having this issue, check the answer below from wisnia which fixed it for me. I edited the post to make it easier to cut-and-paste.
    • Samuel
      Samuel over 8 years
      Looks like an old paramiko bug. Its waiting for merge github.com/paramiko/paramiko/pull/356
  • Peter Grace
    Peter Grace over 8 years
    wisnia, thank you for this -- even after upgrading paramiko I had the same issue, but using your settings (which appear to be secure enough to use) solved my issue.
  • Daan
    Daan over 7 years
    Can you explain what you are doing here exactly?
  • Sandeep Singhal
    Sandeep Singhal almost 7 years
    The minimum addition to /etc/ssh/sshd_config that will be required is : "KexAlgorithms diffie-hellman-group-exchange-sha1". I really used the list above and started stripping. The algorithm however is not the safest from security perspective as mentioned in the original post.
  • Toandd
    Toandd almost 7 years
    Thank bros! this solution can be applied for both ubuntu, centos, and fedora. I took all day for this
  • jdhildeb
    jdhildeb over 6 years
    This failed when I tried. Needed some dependencies to successfully build paramiko's dependencies. After all that I still couldn't connect - I believe the current version of paramiko is too new for my system (Ubuntu 14.04) and is not compatible. In the end, I ran sudo pip install paramiko == 1.16 and this worked.
  • Caumons
    Caumons over 5 years
    @jdhildeb Thanks, that helped, but I also had to uninstall the python-paramiko package system package in order to run sudo pip install paramiko==1.16

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

What is the difference between exec_command and send with invoke_shell() on Paramiko?
Python - Paramiko Getting error "object has no attribute "get_fingerprint"
Python - Paramiko - incompatible ssh server
Reading output of Top command using Paramiko
Python - pysftp / paramiko - Verify host key using its fingerprint
Python Paramiko send CTRL+C to an ssh shell
Why is Paramiko raising EOFError() when the SFTP object is stored in a dictionary?
What is a good replacement for paramiko in python 3 ? Or is there a port of paramiko for python 3?
Environment variable differences when using Paramiko
Persistent ssh session to Cisco router