
Server does not support diffie-hellman-group1-sha1 for keyexchange

KB ID: 2061
Product: Veeam Backup & Replication, Veeam Cloud Connect
Version: Any
Published: 2015-08-28
Last Modified: 2022-01-06

Challenge

When attempting to add a managed Linux server, you may receive one of the errors below.

Failed to negotiate key exchange algorithm
Client encryption algorithm not found
Server HMAC algorithm not found

Cause

When Veeam connects to a Linux target, we require Diffie-Hellman key exchange capabilities for successful secure connections and to reduce the possibility that a password will be intercepted when authenticating to the storage. In some Linux distributions, /etc/ssh/sshd_config is missing the KexAlgorithms and Ciphers fields that describe which methods are supported by the SSH daemon.

Solution

Review the configuration of your /etc/ssh/sshd_config file and verify that at least one of the Ciphers, KexAlgorithms, and MACs listed below is present. You do not need to add all of the examples below; just make sure at least one from each list is present.

Supported ciphers:

  • 3des-cbc
  • aes128-cbc
  • aes192-cbc
  • aes256-cbc
  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
  • blowfish-cbc
  • cast128-cbc
  • arcfour
  • twofish

Supported Key Exchange algorithms:

  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group1-sha1

Supported HMACs:

  • hmac-md5
  • hmac-md5-96
  • hmac-sha1
  • hmac-sha1-96
  • hmac-sha2-256
  • hmac-sha2-256-96
  • hmac-sha2-512
  • hmac-sha2-512-96
  • hmac-ripemd160
  • hmac-ripemd160@openssh.com

 

See the man page for your sshd_config file and/or query for the supported ciphers, key exchange algorithms, and keyed-hash message authentication codes using the following command:

sshd -T

 

If needed, modify the sshd_config file to add one of the supported entries. Then, to generate the newly added keys, run

ssh-keygen -A

and restart the sshd service on the machine (reboot works fine, too).
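The check described above can be scripted. The following is an added example, not part of the original Veeam article: it compares the output of sshd -T with the three lists on this page and reports any category with no overlap. The function names and the sample daemon output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Veeam code): compare `sshd -T` output with this KB's lists.
# On a real host (typically as root):  sshd -T | check_sshd_algos

# Algorithm lists copied from this article.
KB_CIPHERS="3des-cbc aes128-cbc aes192-cbc aes256-cbc aes128-ctr aes192-ctr aes256-ctr blowfish-cbc cast128-cbc arcfour twofish"
KB_KEX="diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1"
KB_MACS="hmac-md5 hmac-md5-96 hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-256-96 hmac-sha2-512 hmac-sha2-512-96 hmac-ripemd160 hmac-ripemd160@openssh.com"

# overlap KEYWORD "LIST": reads sshd -T output on stdin and prints every
# algorithm the daemon offers for KEYWORD that is also in LIST (exact match,
# so hmac-sha2-256-etm@openssh.com does not count as hmac-sha2-256).
overlap() {
    offered=$(awk -v k="$1" '$1 == k { print $2 }' | tr ',' ' ')
    for a in $offered; do
        for w in $2; do
            if [ "$a" = "$w" ]; then printf '%s ' "$a"; fi
        done
    done
}

# check_sshd_algos: reads sshd -T output on stdin, reports each category,
# and returns 1 if any category shares nothing with the KB lists.
check_sshd_algos() {
    cfg=$(cat); rc=0
    for pair in "ciphers:$KB_CIPHERS" "kexalgorithms:$KB_KEX" "macs:$KB_MACS"; do
        key=${pair%%:*}; list=${pair#*:}
        hit=$(printf '%s\n' "$cfg" | overlap "$key" "$list")
        if [ -n "$hit" ]; then
            echo "$key: OK (${hit% })"
        else
            echo "$key: MISSING (no algorithm from the KB list is enabled)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a hardened host that keeps aes256-ctr but offers only
# curve25519 key exchange and ETM MACs.
sample_hardened() {
    printf '%s\n' 'port 22' \
        'ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr' \
        'macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com' \
        'kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org'
}
```

If an entry has to be added, diffie-hellman-group-exchange-sha256, an aes-ctr cipher and an hmac-sha2 MAC are the strongest choices on the lists above.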

More information

Some systems offer an option in the GUI to disable or re-enable SSH logon, but these do not always actually restart the daemon. Typically, it is best to restart the service using the command

service sshd restart

or your distribution’s equivalent.
