[JIRA] (JENKINS-50601) SSH plugin cannot negotiate

SSH plugin cannot negotiate

Issue Type:	Bug
Assignee:	Devin Nusbaum
Attachments:	system_info_jenkins.txt
Components:	ssh-agent-plugin, ssh-credentials-plugin, ssh-slaves-plugin
Created:	2018-04-05 16:40
Environment:	ubuntu x64 server 16.04 Jenkins ver. 2.107.1 ssh slave plugin 1.26 SSH credentials plugin 1.13
Priority:	Major
Reporter:	Zack Snyder

I get following error (from sshd-log on windows) when trying to connect to my windows slave agent with openSSH running:

 
                                                                1716 18:01:04:153 Unable to negotiate with 192.168.115.188 port 56216: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)

zack81@gmx.net (JIRA)

unread,

Apr 5, 2018, 12:46:01 PM4/5/18

to jenkinsc...@googlegroups.com

Zack Snyder updated an issue

Jenkins /

SSH plugin cannot negotiate

Change By:	Zack Snyder

I get following error (from sshd-log on windows) when trying to connect to my windows slave agent with openSSH running:

{noformat}

1716 18:01:04:153 Unable to negotiate with 192.168.115.188 port 56216: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

{noformat}

Connecting natively, via bash, works without a problem.

dnusbaum@cloudbees.com (JIRA)

unread,

Apr 5, 2018, 1:11:02 PM4/5/18

to jenkinsc...@googlegroups.com

Devin Nusbaum commented on

Not sure offhand, but I would start with making sure you are running the same version of OpenSSH needs to be updated on the agent and master. See https://www.openssh.com/legacy.html for some options you can pass to OpenSSH to enable legacy key exchange algorithms if you are unable to update.

dnusbaum@cloudbees.com (JIRA)

unread,

Apr 5, 2018, 1:11:04 PM4/5/18

to jenkinsc...@googlegroups.com

Devin Nusbaum edited a comment on

zack81@gmx.net (JIRA)

unread,

Apr 6, 2018, 3:47:02 AM4/6/18

to jenkinsc...@googlegroups.com

Zack Snyder commented on

Like I already said, connection via bash works without a problem.
The problem is the ssh jenkins plugin which is outdated. It seems to ship with an own openssh agent , which is of course wrong.
It should always use the native one. (but I am not sure about that, maybe it invokes it wrong).
Anyway, the problem is the jenkins plugin.

I have the latest version of jenks. See the system_info.

zack81@gmx.net (JIRA)

unread,

Apr 10, 2018, 4:17:02 AM4/10/18

to jenkinsc...@googlegroups.com

Zack Snyder commented on

Devin Nusbaum
Any update here?

dnusbaum@cloudbees.com (JIRA)

unread,

Apr 12, 2018, 12:43:02 PM4/12/18

to jenkinsc...@googlegroups.com

Devin Nusbaum commented on

I am not really familiar with any of these plugins. Maybe something is wrong with the Trilead version detection in the ssh-slaves-plugin that is causing it to use outdated key exchange algorithms. Ivan Fernandez Calvo might be more familiar with the plugin and have an idea whether this is a bug or something that needs to be configured.

ifernandezcalvo@cloudbees.com (JIRA)

unread,

Apr 12, 2018, 1:59:03 PM4/12/18

to jenkinsc...@googlegroups.com

Ivan Fernandez Calvo commented on

https://github.com/jenkinsci/trilead-ssh2/blob/8ddd97a72e62f62e9eb04c873610893be1a8b053/src/com/trilead/ssh2/transport/KexManager.java#L334

You have to enable one of these key exchange methods on your sshd_config, these are the only available

 
                                                                diffie-hellman-group-exchange-sha256
diffie-hellman-group-exchange-sha1
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1

jthompson@cloudbees.com (JIRA)

unread,

Apr 12, 2018, 2:25:02 PM4/12/18

to jenkinsc...@googlegroups.com

Jeff Thompson commented on