Unable to compute key for Kex reply

  • #30418
    russds
    Participant

    Hello, I’ve set up the Cerberus software, with basically all the defaults, and the server appears to be running fine. When I try to connect using either FileZilla or WinSCP, I get this message on the server log:

    WinSCP:

    Code:


    2014/03/27 08:37:54 [20] Client Identification: SSH-2.0-WinSCP_release_5.5.1
    2014/03/27 08:37:54 [20] Algorithm negotiation complete: Proceeding with key exchange
    2014/03/27 08:37:54 [20] Kex: ‘diffie-hellman-group-exchange-sha256’ Host Key: ‘ssh-rsa’ C2S : ‘aes256-ctr, hmac-sha2-256, none’ S2C : ‘aes256-ctr, hmac-sha2-256, none’
    2014/03/27 08:37:55 [20] Unable to generate DH key: error:0507306F:Diffie-Hellman routines:DH_generate_key:non fips method
    2014/03/27 08:37:55 [20] Unable to compute key for Kex reply
    2014/03/27 08:37:55 [20] The client closed the connection

    FileZilla:

    Code:


    2014/03/27 08:59:28 [24] Client Identification: SSH-2.0-PuTTY_Local:_Feb_11_2014_20:29:07
    2014/03/27 08:59:28 [24] Algorithm negotiation complete: Proceeding with key exchange
    2014/03/27 08:59:28 [24] Kex: ‘diffie-hellman-group-exchange-sha256’ Host Key: ‘ssh-rsa’ C2S : ‘aes256-ctr, hmac-sha2-256, none’ S2C : ‘aes256-ctr, hmac-sha2-256, none’
    2014/03/27 08:59:28 [24] Unable to generate DH key: error:0507306F:Diffie-Hellman routines:DH_generate_key:non fips method
    2014/03/27 08:59:28 [24] Unable to compute key for Kex reply
    2014/03/27 08:59:28 [24] The client closed the connection

    I’m not too familiar with security settings, keys, certificates, and whatnot, but it appears both clients are trying to use ‘diffie-hellman-group-exchange-sha256’, which Cerberus is rejecting? Is this assessment correct, and if so, does anyone know how to change the settings (server or client) so that I use another type of key exchange?

    Thanks!

    #36836
    russds
    Participant

    Well, I’m not sure why or how, but restarting the server (the whole machine) seemed to do the trick. Now it’s working fine.

    #36837
    imported_Serin
    Participant

    Hello,

    Yes, there is an issue with SSH SFTP connections after the first time you enable FIPS 140-2 that usually requires a service restart. You shouldn’t have the issue again.
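
Added example, not part of the original posts and not Cerberus code: a Python script that groups server log lines in the format quoted above by session number and flags sessions whose key exchange failed with the OpenSSL `non fips method` reason. Sessions 20 and 24 in the sample are lines from this thread, session 31 is constructed, and the function names are hypothetical.

```python
import re

# Sessions 20 and 24: log lines quoted in this thread. Session 31: constructed.
SAMPLE_LOG = """\
2014/03/27 08:37:54 [20] Client Identification: SSH-2.0-WinSCP_release_5.5.1
2014/03/27 08:37:54 [20] Kex: ‘diffie-hellman-group-exchange-sha256’ Host Key: ‘ssh-rsa’ C2S : ‘aes256-ctr, hmac-sha2-256, none’ S2C : ‘aes256-ctr, hmac-sha2-256, none’
2014/03/27 08:37:55 [20] Unable to generate DH key: error:0507306F:Diffie-Hellman routines:DH_generate_key:non fips method
2014/03/27 08:37:55 [20] Unable to compute key for Kex reply
2014/03/27 08:59:28 [24] Client Identification: SSH-2.0-PuTTY_Local:_Feb_11_2014_20:29:07
2014/03/27 08:59:28 [24] Kex: ‘diffie-hellman-group-exchange-sha256’ Host Key: ‘ssh-rsa’ C2S : ‘aes256-ctr, hmac-sha2-256, none’ S2C : ‘aes256-ctr, hmac-sha2-256, none’
2014/03/27 08:59:28 [24] Unable to generate DH key: error:0507306F:Diffie-Hellman routines:DH_generate_key:non fips method
2014/03/27 08:59:28 [24] Unable to compute key for Kex reply
2014/03/27 09:10:02 [31] Client Identification: SSH-2.0-ExampleClient_1.0
2014/03/27 09:10:02 [31] Kex: ‘diffie-hellman-group-exchange-sha256’ Host Key: ‘ssh-rsa’ C2S : ‘aes256-ctr, hmac-sha2-256, none’ S2C : ‘aes256-ctr, hmac-sha2-256, none’
"""

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(\d+)\] (.*)$")
KEX = re.compile(r"Kex: [‘'](.+?)[’']")            # negotiated key exchange name
OSSL = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")  # code:lib:func:reason

def triage(log_text):
    """Return {session_id: summary} built from timestamped '[id] message' lines."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                                # skip lines in another format
        sid, msg = int(m.group(2)), m.group(3)
        s = sessions.setdefault(
            sid, {"client": None, "kex": None, "openssl": None, "kex_failed": False})
        if msg.startswith("Client Identification: "):
            s["client"] = msg.split(": ", 1)[1]
        elif (k := KEX.search(msg)):
            s["kex"] = k.group(1)
        elif (e := OSSL.search(msg)):
            s["openssl"] = {"code": e.group(1), "function": e.group(3),
                            "reason": e.group(4).strip()}
        elif msg == "Unable to compute key for Kex reply":
            s["kex_failed"] = True
    return sessions

def fips_kex_failures(log_text):
    """Session ids where the Kex reply failed and OpenSSL reported 'non fips method'."""
    return sorted(sid for sid, s in triage(log_text).items()
                  if s["kex_failed"] and s["openssl"]
                  and s["openssl"]["reason"] == "non fips method")

if __name__ == "__main__":
    print(fips_kex_failures(SAMPLE_LOG))
```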
