JSchException: Algorithm negotiation fail

Finally a solution that works without having to make any changes to the server:

  1. Download the latest jsch.jar as Yvan suggests: http://sourceforge.net/projects/jsch/files/jsch.jar/ jsch-0.1.52.jar works fine

  2. Place the downloaded file in your "...\JetBrains\PhpStorm 8.0.1\lib", and remove the existing jsch-file (for PHPStorm 8 it's jsch-0.1.50.jar)

  3. Restart PHPStorm and it should work

Use the same solution for Webstorm


There are a couple of places that SSH clients and servers try and agree on a common implementation. Two I know of are encryption and compression. The server and client produce a list of available options and then the best available option in both lists is chosen.

If there is no acceptable option in the lists then it fails with the error you got. I'm guessing from the debug output here but it looks like the only server options for encryption are "aes256-cbc hmac-md5 none".

JSch doesn't do hmac-md5 and aes256-cbc is disabled because of your Java policy files. Two things you could try are...

  1. To increase the available encryption libraries on the server, install unrestricted policy files on your client, enabling aes256-cbc (make sure the message saying it is disabled goes away, those policy files are notoriously easy to install on the wrong JVM) from the site:

    For JDK 1.6: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

    For JDK 1.7: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

    For JDK 1.8: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

  2. or try and disable encryption.

The first is ideal if you have access to the server (trust me aes128-cbc is plenty of encryption), but the second is easy enough to quickly test out the theory.


FWIW, I had this same error message under JSch 0.1.50. Upgrading to 0.1.52 solved the problem.


The complete steps to add the algorithms to the RECEIVING server (the one you are connecting to). I'm assuming this is a Linux server.

sudo /etc/ssh/sshd_config

Add this to the file (it can be at the end):

KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

Then restart the SSH server:

sudo service sshd restart

Tags:

Java

Encryption

Sftp

Ssh

Jsch

Recent Posts