Handshake Failed: no matching key exchange algorithm

[Baledin]

Similar to #236 and #238, I'm receiving the above error since mid-January or so. I've tried to add the fix listed in 236 with no luck. This was working fine prior and I can connect via Putty with no problems.

Here is my log (scrubbed):

[INFO] Created output channel for vscode-sshfs
[INFO] Loading configurations...
[DEBUG] Added configuration mysite.com from 2
[INFO] Found 1 configurations
[INFO] Extension activated, version 1.19.3, mode 1
[INFO] [createConnection(mysite.com,config)] Creating a new connection for 'mysite.com'
[INFO] Calculating actual config
[INFO] Fetching PuTTY sessions from registry
[DEBUG] Found 3 sessions:
[DEBUG] - {"name":"mysite.com","hostname":"mysite.com","protocol":"ssh","portnumber":22,"username":"username","usernamefromenvironment":0,"tryagent":1,"publickeyfile":<>,"proxyhost":"proxy","proxyport":80,"proxylocalhost":0,"proxymethod":0}
[DEBUG] Reading PuTTY configuration lead to the following configuration:
{
"name": "mysite.com",
"putty": "mysite.com",
"_location": 2,
"_locations": [
2
],
"_calculated": {
"name": "mysite.com",
"putty": "mysite.com",
"_location": 2,
"_locations": [
2
]
},
"username": "username",
"host": "mysite.com",
"agent": "pageant",
"port": 22
}
[DEBUG] Final configuration:
{
"name": "mysite.com",
"putty": "mysite.com",
"_location": 2,
"_locations": [
2
],
"_calculated": {
"name": "mysite.com",
"putty": "mysite.com",
"_location": 2,
"_locations": [
2
]
},
"username": "username",
"host": "mysite.com",
"agent": "pageant",
"port": 22
}
[INFO] [createSocket(mysite.com)] Creating socket
[DEBUG] [createSocket(mysite.com)] Connecting to mysite.com:22
[INFO] [createSSH(mysite.com)] Flag "DF-GE" not specified, disabling DiffieHellman kex groupex algorithms
[DEBUG] [createSSH(mysite.com)] Resulting algorithms.kex: [email protected],curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[ERROR] [createSSH(mysite.com)] Handshake failed: no matching key exchange algorithm
Reported from createSSH(mysite.com)

[ERROR] Error while connecting to SSH FS mysite.com:
Handshake failed: no matching key exchange algorithm

[ERROR] Handshake failed: no matching key exchange algorithm
JSON: {"level":"handshake"}

[Baledin]

I want to add that this only impacts specific servers, the error is only impacting Bluehost.com servers for me but my other servers are working as expected.

[SchoofsKelvin]

Could you add "debug": true to your config (in your workpace settings file it looks like?) and re-run for the log? It should display the list of algorithms the server (openly) supports. Here's what it should look like:

    "sshfs.configs": [
        {
            "name": "mysite.com",
            "putty": "mysite.com",
            "debug": true
        }
    ]

It's probably related to #239, as I recently added an auto-fix for it that disables some algorithms, probably the only ones that both VS Code and your server support, but coincidentally are the broken algorithms.

You could risk adding "sshfs.flags": ["DF-GE"] to your User/Workspace settings, but in VS Code 1.53.0 this might result in VS Code just crashing whenever it tries to connect. They fixed this in 1.54.0 though.

[Baledin]

Sure thing (looks like remote only wants Diffie Hellman if I'm reading this right... but that crashes VS Code's extension manager if I force enable it):

[INFO] Command received to connect mysite
[INFO] [createConnection(mysite,config)] Creating a new connection for 'mysite'
[INFO] Calculating actual config
[DEBUG] Read private key from my-ppk-file
[DEBUG] Final configuration:
{
"name": "mysite",
"host": "mysite",
"debug": true,
"agent": "pageant",
"root": "",
"username": "username",
"privateKeyPath": "my-ppk-file",
"_location": 2,
"_locations": [
2
],
"_calculated": {
"name": "mysite",
"host": "mysite",
"debug": true,
"agent": "pageant",
"root": "",
"username": "username",
"privateKeyPath": "my-ppk-file",
"_location": 2,
"_locations": [
2
]
},
"privateKey": "Buffer(1460)"
}
[INFO] [createSocket(mysite)] Creating socket
[DEBUG] [createSocket(mysite)] Connecting to mysite:22
[INFO] [createSSH(mysite)] Flag "DF-GE" not specified, disabling DiffieHellman kex groupex algorithms
[DEBUG] [createSSH(mysite)] Resulting algorithms.kex: [email protected],curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[DEBUG] [ssh2(mysite)] DEBUG: Local ident: 'SSH-2.0-ssh2js0.4.10'
[DEBUG] [ssh2(mysite)] DEBUG: Parser: IN_INIT
[DEBUG] [ssh2(mysite)] DEBUG: Parser: IN_GREETING
[DEBUG] [ssh2(mysite)] DEBUG: Parser: IN_HEADER
[DEBUG] [ssh2(mysite)] DEBUG: Remote ident: 'SSH-2.0-OpenSSH_5.3'
[DEBUG] [ssh2(mysite)] DEBUG: Outgoing: Writing KEXINIT
[DEBUG] [ssh2(mysite)] DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
[DEBUG] [ssh2(mysite)] DEBUG: Parser: IN_PACKET
[DEBUG] [ssh2(mysite)] DEBUG: Parser: pktLen:364,padLen:6,remainLen:360
[DEBUG] [ssh2(mysite)] DEBUG: Parser: IN_PACKETDATA
[DEBUG] [ssh2(mysite)] DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXINIT
[DEBUG] [ssh2(mysite)] DEBUG: Comparing KEXINITs ...
[DEBUG] [ssh2(mysite)] DEBUG: (local) KEX algorithms: [email protected],curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
[DEBUG] [ssh2(mysite)] DEBUG: (remote) KEX algorithms: diffie-hellman-group-exchange-sha256
[DEBUG] [ssh2(mysite)] DEBUG: No matching key exchange algorithm
[ERROR] [createSSH(mysite)] Handshake failed: no matching key exchange algorithm
Logged at:
at T. (c:\Users\jeremy.vscode\extensions\kelvin.vscode-sshfs-1.19.3\dist\2.extension.js:1:6494)
at T.emit (events.js:315:20)
at T.EventEmitter.emit (domain.js:483:12)
at ae. (c:\Users\jeremy.vscode\extensions\kelvin.vscode-sshfs-1.19.3\dist\0.extension.js:1:21144)
at ae.emit (events.js:327:22)
Reported from createSSH(mysite)
[DEBUG] [ssh2(mysite)] DEBUG: Outgoing: Writing DISCONNECT (KEY_EXCHANGE_FAILED)
[ERROR] Error while connecting to SSH FS mysite:
Handshake failed: no matching key exchange algorithm
Logged at:
at c:\Users\jeremy.vscode\extensions\kelvin.vscode-sshfs-1.19.3\dist\extension.js:1:29569
at processTicksAndRejections (internal/process/task_queues.js:97:5)

[ERROR] Handshake failed: no matching key exchange algorithm
JSON: {"level":"handshake"}
Error: Handshake failed: no matching key exchange algorithm
at c:\Users\jeremy.vscode\extensions\kelvin.vscode-sshfs-1.19.3\dist\0.extension.js:1:183732
at o (c:\Users\jeremy.vscode\extensions\kelvin.vscode-sshfs-1.19.3\dist\0.extension.js:1:188132)
at c:\Users\jeremy.vscode\extensions\kelvin.vscode-sshfs-1.19.3\dist\0.extension.js:1:183156
at ae. (c:\Users\jeremy.vscode\extensions\kelvin.vscode-sshfs-1.19.3\dist\0.extension.js:1:188362)
at ae.emit (events.js:315:20)
at ae.EventEmitter.emit (domain.js:483:12)
at c:\Users\jeremy.vscode\extensions\kelvin.vscode-sshfs-1.19.3\dist\0.extension.js:1:205969
at ce (c:\Users\jeremy.vscode\extensions\kelvin.vscode-sshfs-1.19.3\dist\0.extension.js:1:205989)
at ae._transform (c:\Users\jeremy.vscode\extensions\kelvin.vscode-sshfs-1.19.3\dist\0.extension.js:1:222199)
Logged at:
at c:\Users\jeremy.vscode\extensions\kelvin.vscode-sshfs-1.19.3\dist\extension.js:1:29635
at processTicksAndRejections (internal/process/task_queues.js:97:5)

[DEBUG] Reading ssh://mysite/.vscode/settings.json
[DEBUG] Reading ssh://mysite/.vscode/tasks.json
[DEBUG] Reading ssh://mysite/.vscode/launch.json
[DEBUG] Reading ssh://mysite/.vscode/settings.json
[DEBUG] Reading ssh://mysite/.vscode/tasks.json
[DEBUG] Reading ssh://mysite/.vscode/launch.json
[DEBUG] Reading ssh://mysite/.git/config
[DEBUG] Reading ssh://mysite/.vscode/extensions.json
[DEBUG] Reading ssh://mysite/.vscode/extensions.json
[DEBUG] Reading ssh://mysite/.vscode/extensions.json
[DEBUG] Reading ssh://mysite/.vscode/extensions.json
[DEBUG] Reading ssh://mysite/.devcontainer/devcontainer.json
[DEBUG] Reading ssh://mysite/.vscode/extensions.json
[DEBUG] Reading ssh://mysite/.vscode/extensions.json

[SchoofsKelvin]

[DEBUG] [ssh2(mysite)] DEBUG: (remote) KEX algorithms: diffie-hellman-group-exchange-sha256

looks like remote only wants Diffie Hellman if I'm reading this right... but that crashes VS Code's extension manager if I force enable it

That's indeed what's going on here. Although it's quite unusual for a server to be configured to only support that one algorithm. There are basically 3 ways to solve this:

• Configure your server to enable one of the supported algorithms (I'd imagine OpenSSH, even v5.3, supports more)
• Downgrade VS Code to 1.52.0 where this issue didn't happen (still would need to use the DF-GE flag for now)
• Use the VS Code 1.54.0 Insiders build, where this issue is already (confirmed) fixed. Or wait for the normal 1.54.0 release

[Baledin]

Unfortunately, it's a client's server (shared hosting, I believe) and I don't think that they have access to changing the algorithms. I have two weeks until the next maintenance where I require more than the currently working tools. I'll sort out what to do in the meantime.

Thanks for the assist in sorting it out, I tried looking through the logs initially but my sleep deprived brain didn't think to add a debug flag in first :D

[antonio-petricca]

Hi, my error is the following:

JSON: {"level":"handshake","fatal":true}
Error: Handshake failed: no matching C->S cipher
at f (/home/antonio/.vscode/extensions/kelvin.vscode-sshfs-1.25.0/dist/14f8.extension.js:1:296579)
at doFatalError (/home/antonio/.vscode/extensions/kelvin.vscode-sshfs-1.25.0/dist/14f8.extension.js:1:297018)
at F (/home/antonio/.vscode/extensions/kelvin.vscode-sshfs-1.25.0/dist/14f8.extension.js:1:251258)
at e.exports.q (/home/antonio/.vscode/extensions/kelvin.vscode-sshfs-1.25.0/dist/14f8.extension.js:1:271492)
at NullDecipher.decrypt (/home/antonio/.vscode/extensions/kelvin.vscode-sshfs-1.25.0/dist/14f8.extension.js:1:211201)
at e.exports.H [as _parse] (/home/antonio/.vscode/extensions/kelvin.vscode-sshfs-1.25.0/dist/14f8.extension.js:1:109433)
at e.exports.parse (/home/antonio/.vscode/extensions/kelvin.vscode-sshfs-1.25.0/dist/14f8.extension.js:1:113236)
at Socket. (/home/antonio/.vscode/extensions/kelvin.vscode-sshfs-1.25.0/dist/14f8.extension.js:1:95036)
at Socket.emit (node:events:526:28)
at addChunk (node:internal/streams/readable:315:12)
Logged at:
at m.commandTerminal (/home/antonio/.vscode/extensions/kelvin.vscode-sshfs-1.25.0/dist/extension.js:11:29508)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at s.h (/usr/share/code/resources/app/out/vs/workbench/api/node/extensionHostProcess.js:96:108008)
[DEBUG] [ssh2(sprormmpsviln01)] Socket ended
[DEBUG] [ssh2(sprormmpsviln01)] Socket closed

[SchoofsKelvin]

@antonio-petricca please make a new issue for more info. Also enable debug logging and/or check your server's SSH logs, as it might tell us more about the cipher issue.