Applicable Delphix Versions
- Click here to view the versions of the Delphix engine to which this article applies
Major Release All Sub Releases
184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52
184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11
When trying to add a new environment or refresh an existing environment, the action fails with an error like the following:
Error: Unable to SSH to host "snoopy.acme.com". Error Code: exception.host.ssh.connection.failed Suggested Action: Make sure "snoopy.acme.com" is running and is reachable via SSH from the Delphix Engine. Diagnosing Information: Reached a server listening on port 22 on host "snoopy.acme.com" from the Delphix Engine.
This error generally happens on Delphix versions prior to 6.x when trying to add new or refresh existing environments because the Linux host does not allow SHA1 (Secure Hash Algorithm 1). Recent versions of Linux have deprecated SHA1 and removed support for it from the "sshd_config" file.
Troubleshooting Unable to SSH to Host Due to "Cannot negotiate, proposals do not match" Error
On some versions of Linux, it may be possible to review the
/etc/ssh/sshd_config file to see which algorithms are supported. On others, you may need to run the following command as the root user to get a listing of the supported ciphers, key exchanges, and MACs:
# sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)" gssapikexalgorithms gss-gex-sha1-,gss-group14-sha1- ciphers email@example.com,aes128-ctr,aes192-ctr,aes256-ctr,firstname.lastname@example.org,email@example.com macs firstname.lastname@example.org,email@example.com,firstname.lastname@example.org,email@example.com,firstname.lastname@example.org,email@example.com,firstname.lastname@example.org,hmac-sha2-256,hmac-sha2-512,hmac-sha1 kexalgorithms curve25519-sha256,email@example.com,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
To resolve the issue there are two options:
- Upgrade to Delphix 6.x which fully supports SHA2.
- Add back support for SHA1 until it is possible to upgrade the Delphix Engine to 6.x by updating the
sshd_configof the target host with:
- Any of the following Key Exchanges:
- Any of the following ciphers:
- Any of the following MACs:
After updating the
sshd_config with the above, it is necessary to restart the sshd daemon.