Net::SSH could not settle on encryption_client

April 28, 2015

If you get this error using Net::SSH for Ruby.

irb(main):006:0> Net::SSH.start('somewhere.example.org', 'root', :password => password)
Net::SSH::Exception: could not settle on encryption_client algorithm

It is probably due to the CBC algorithms not being accepted by the server. Older versions of Net::SSH don’t support anything else. Here from version 2.3.0.

ALGORITHMS = {
  :host_key    => %w(ssh-rsa ssh-dss),
  :kex         => %w(diffie-hellman-group-exchange-sha1
                     diffie-hellman-group1-sha1
                     diffie-hellman-group-exchange-sha256),
  :encryption  => %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
                     aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
                     idea-cbc none arcfour128 arcfour256),
  :hmac        => %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96
                     hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96
                     hmac-sha2-512-96 none),
  :compression => %w(none zlib@openssh.com zlib),
  :language    => %w()
}

Newer versions should include a lot more acceptable algorithms. Here from version 2.9.2.

ALGORITHMS = {
  :host_key    => %w(ssh-rsa ssh-dss
                     ssh-rsa-cert-v01@openssh.com
                     ssh-rsa-cert-v00@openssh.com),
  :kex         => %w(diffie-hellman-group-exchange-sha1
                     diffie-hellman-group1-sha1
                     diffie-hellman-group14-sha1
                     diffie-hellman-group-exchange-sha256),
  :encryption  => %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
                     aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
                     idea-cbc none arcfour128 arcfour256 arcfour
                     aes128-ctr aes192-ctr aes256-ctr
                     camellia128-cbc camellia192-cbc camellia256-cbc
                     camellia128-cbc@openssh.org
                     camellia192-cbc@openssh.org
                     camellia256-cbc@openssh.org
                     camellia128-ctr camellia192-ctr camellia256-ctr
                     camellia128-ctr@openssh.org
                     camellia192-ctr@openssh.org
                     camellia256-ctr@openssh.org
                     cast128-ctr blowfish-ctr 3des-ctr
                    ),

  :hmac        => %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96
                     hmac-ripemd160 hmac-ripemd160@openssh.com
                     hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96
                     hmac-sha2-512-96 none),

  :compression => %w(none zlib@openssh.com zlib),
  :language    => %w()
}

Reference http://www.openssh.com/txt/cbc.adv

Share this post on Twitter
Morten Møller Riis

By Morten Møller Riis

I am a programmer, sysadmin, devops. I work for Gigahost in Copenhagen, Denmark. I am based in Odense, Denmark.

Twitter   ·   LinkedIn   ·   E-mail