SSH Key Exchange Issues

When I try to connect to my remote DB using SSH, it fails with the following error:

"Can't connect to SSH server on '[IP address]': Server does not support curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 for keyexchange"

However, when I run "ssh -Q kex" on my server, I get the following:

"diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
* diffie-hellman-group14-sha256
* diffie-hellman-group16-sha512
* diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
* diffie-hellman-group-exchange-sha256
* ecdh-sha2-nistp256
* ecdh-sha2-nistp384
* ecdh-sha2-nistp521
* curve25519-sha256
* curve25519-sha256@libssh.org
sntrup4591761x25519-sha512@tinyssh.org"

(the starred ones are listed in MySQL Compare's error output)

Does anyone know how to resolve this?

Answers

  • RichPasty Posts: 2 New member
    edited November 11, 2022 1:17PM
    I had the same problem on my system.

    Client is on latest Windows 11 Pro, server is Debian Bullseye.

    Doing the same check as you shows that there are Kex in common, but it still won't connect.

    I did a Wireshark capture to find out what's going on. It seems that Redgate is only asking for diffie-hellman-group1-sha1 and diffie-hellman-group14-sha1.

    Enabling diffie-hellman-group14-sha1 on the server by adding:

    KexAlgorithms +diffie-hellman-group14-sha1

    to etc / ssh / sshd_config

    and restarting ssh fixed it for me.



  • RichPasty Posts: 2 New member
    edited November 11, 2022 1:17PM
    Cloudflare doesn't like the full path to sshd_config, and gives an error.
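
The mismatch described in the answer above, as an added example that is not part of the original thread: `ssh -Q kex` lists every method the OpenSSH binary supports, while negotiation only uses the set sshd has enabled (shown by `sshd -T`), so a client offering only SHA-1 methods finds nothing in common. The server list is copied from the error message on this page and the client offer from the capture described in the answer; the function names are hypothetical and the model is simplified (it ignores host key compatibility).

```python
from fnmatch import fnmatchcase

# Server's enabled KEX list, copied from the error message on this page.
SERVER_ENABLED = (
    "curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,"
    "ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,"
    "diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,"
    "diffie-hellman-group14-sha256"
).split(",")

# Client's offer, as reported from the Wireshark capture in the answer.
CLIENT_OFFER = ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"]


def apply_kex_directive(enabled, value):
    """Apply an sshd_config KexAlgorithms value to the current list.

    '+list' appends, '-list' removes (wildcards allowed), '^list' moves
    entries to the head, and a bare list replaces the set outright.
    """
    op, names = (value[0], value[1:]) if value[0] in "+-^" else ("", value)
    names = [n for n in names.split(",") if n]
    if op == "+":
        return enabled + [n for n in names if n not in enabled]
    if op == "-":
        return [a for a in enabled if not any(fnmatchcase(a, p) for p in names)]
    if op == "^":
        return names + [a for a in enabled if a not in names]
    return names


def negotiate(client_offer, server_enabled):
    """Pick the first client method the server also lists (RFC 4253, 7.1)."""
    return next((a for a in client_offer if a in server_enabled), None)


def uses_sha1(alg):
    """True for KEX methods whose exchange hash is SHA-1."""
    return alg.split("@")[0].endswith("-sha1")


if __name__ == "__main__":
    print("before:", negotiate(CLIENT_OFFER, SERVER_ENABLED))
    patched = apply_kex_directive(SERVER_ENABLED, "+diffie-hellman-group14-sha1")
    chosen = negotiate(CLIENT_OFFER, patched)
    print("after: ", chosen, "(SHA-1 exchange hash)" if uses_sha1(chosen) else "")
```

The `+` form keeps the modern methods ahead of the re-enabled SHA-1 one, so other clients still negotiate a stronger method first.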