Aptana SFTP Key Exchange

Rob Nelson · Oct 26, 2014 · Viewed 21.3k times

I'm currently working with Aptana Studio 3.6.1 (a custom build with some PHP syntax fixes). I use SFTP to upload files from my project to a test site, using the publishing tools (upload/download arrows at the top of the project).

Recently, I became unable to upload files. WinSCP is able to do so just fine, and I can SSH into the server without problem when using PuTTY or plain old OpenSSH. Aptana, however, throws a fit:

Failed to upload file
Establishing SFTP connection failed: No suitable key exchange algorithm could be agreed.
No suitable key exchange algorithm could be agreed.

The corresponding error in auth.log (with LogLevel DEBUG1):

Oct 26 14:42:42 dedi sshd[13690]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Oct 26 14:42:42 dedi sshd[13690]: debug1: inetd sockets after dupping: 3, 3
Oct 26 14:42:42 dedi sshd[13690]: Connection from [My IP] port 24321 on [Server IP] port 22
Oct 26 14:42:42 dedi sshd[13690]: debug1: Client protocol version 2.0; client software version edtFTPjPRO-4.1.0
Oct 26 14:42:42 dedi sshd[13690]: debug1: no match: edtFTPjPRO-4.1.0
Oct 26 14:42:42 dedi sshd[13690]: debug1: Enabling compatibility mode for protocol 2.0
Oct 26 14:42:42 dedi sshd[13690]: debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-2
Oct 26 14:42:42 dedi sshd[13690]: debug1: permanently_set_uid: 102/65534 [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: SSH2_MSG_KEXINIT received [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: kex: client->server 3des-cbc hmac-sha1 none [preauth]
Oct 26 14:42:42 dedi sshd[13690]: debug1: kex: server->client 3des-cbc hmac-sha1 none [preauth]
Oct 26 14:42:42 dedi sshd[13690]: fatal: Unable to negotiate a key exchange method [preauth]

I should note that I've already mucked around with sshd_config in order to fix an earlier error where some cipher suites that Aptana uses weren't set up on the server. I suspect this problem has something to do with key exchange cipher suites, but I'm unsure of how to debug that problem in order to determine which suites to add.

$ uname -a && lsb_release -a
Linux dedi 3.14-2-amd64 #1 SMP Debian 3.14.15-2 (2014-08-09) x86_64 GNU/Linux
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux testing (jessie)
Release:        testing
Codename:       jessie

Answer

Nikolay · Oct 27, 2014

Please use DEBUG3 level. Then you will see the list of key exchange algorithms configured on your server as well as the list supported by your client.

Then add the following line to your /etc/ssh/sshd_config:

KexAlgorithms <here comma-separated list of Kex Algorithms configured on your server>,<here one of the Kex Algorithms supported by your client>

For example, OpenSSH 6.7 has the following algorithms active by default: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1.

If your client supports only diffie-hellman-group1-sha1, then your /etc/ssh/sshd_config should contain

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

That's OK - OpenSSH v.6.7 does support diffie-hellman-group1-sha1 too, however it is off by default. You should allow sshd to use this key exchange algorithm by putting the KexAlgorithms line to your sshd config.
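
The negotiation behind this answer, as an added example that is not part of the original post: it applies the RFC 4253 selection rule (the first name in the client's list that the server also lists) and, when nothing matches, builds the KexAlgorithms line with only the one extra algorithm needed. The client offers and the `SERVER_AVAILABLE` list are constructed assumptions; on a real host take them from the DEBUG3 output and from `ssh -Q kex`.

```python
# Added example: SSH key-exchange selection (RFC 4253, section 7.1, ignoring
# the host-key compatibility conditions) and the resulting sshd_config line.
# All client offers used here are constructed sample input.

# Default KexAlgorithms the answer gives for OpenSSH 6.7.
SERVER_ENABLED = ("curve25519-sha256@libssh.org,ecdh-sha2-nistp256,"
                  "ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
                  "diffie-hellman-group-exchange-sha256,"
                  "diffie-hellman-group14-sha1").split(",")

# Assumption: what the server build supports but keeps off by default
# (on a real host, compare against the output of `ssh -Q kex`).
SERVER_AVAILABLE = SERVER_ENABLED + ["diffie-hellman-group1-sha1"]

# Flag these whenever they end up enabled: fixed 1024-bit group with SHA-1.
WEAK = {"diffie-hellman-group1-sha1"}


def negotiate(client, server):
    """Return the first name in the client's list that the server also lists."""
    return next((alg for alg in client if alg in server), None)


def plan(client, enabled=SERVER_ENABLED, available=SERVER_AVAILABLE):
    """Return (kex that will be used, sshd_config line or None, weak names enabled)."""
    chosen = negotiate(client, enabled)
    if chosen:                        # already compatible: no config change
        return chosen, None, sorted(WEAK & set(enabled))
    extra = negotiate(client, available)
    if extra is None:                 # server build has nothing the client offers
        return None, None, []
    new_list = list(enabled) + [extra]    # add only the one algorithm needed
    line = "KexAlgorithms " + ",".join(new_list)
    return extra, line, sorted(WEAK & set(new_list))


if __name__ == "__main__":
    offers = {
        "legacy": ["diffie-hellman-group1-sha1"],                  # constructed
        "modern": ["curve25519-sha256@libssh.org",
                   "diffie-hellman-group14-sha1"],                 # constructed
    }
    for name, offer in offers.items():
        print(name, plan(offer))
```

Because the client's order decides, appending the legacy name does not change what modern clients negotiate, but the server will now accept the 1024-bit group from any client that offers only it. Removing the line again once the client is upgraded restores the default set.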