Net::SSH::Exception: could not settle on kex algorithm
updating sshd platform submodule to the latest HEAD breaks capistrano/net-ssh:
--- git/bitmask ‹master› » leap node init local1 = connecting to node local1 = installing insecure vagrant key - error Capistrano::ConnectionError: connection failed for: local1.bitmask.local (Net::SSH::Exception: could not settle on kex algorithm) --- git/bitmask ‹master› » leap deploy hint: use --force to skip this prompt. Do you really want to deploy from the wrong branch? y = checking node - error Capistrano::ConnectionError: connection failed for: local1.bitmask.local (Net::SSH::Exception: could not settle on kex algorithm)
"leap ssh local1" works btw
on the node, i see from /var/log/auth.log:
Nov 9 09:50:38 local1 sshd[7581]: fatal: Unable to negotiate a key exchange method [preauth]
this is the change deployed to /etc/sshd/sshd_config:
root@local1:/etc/ssh# git diff sshd_config diff --git a/ssh/sshd_config b/ssh/sshd_config index 2ac3601..bfd1cf6 100644 --- a/ssh/sshd_config +++ b/ssh/sshd_config @@ -72,6 +72,8 @@ TCPKeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no # Allow client to pass locale environment variables AcceptEnv LANG LC_* @@ -94,6 +96,7 @@ AllowTcpForwarding no AllowAgentForwarding no -Ciphers aes256-ctr -MACs hmac-sha1 +KexAlgorithms curve25519-sha256@libssh.org +Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr +MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
elijah: i saw that you pinned net-ssh to a certain version (2.7), 3.0.x is available which might fix this, but your comment said that upgrading net-ssh would possibly break capistrano, so i didn't tried it.
(from redmine: created on 2015-11-09, closed on 2015-11-17, relates #6614 (closed), relates #6616, blocks #6796)