DigitalOcean

Report this

What is the reason for this report?
Question

Having problem with remote login on Ubuntu after being updated to 15.04

Posted on August 7, 2015
Security
Linux Basics
dirk2099

By dirk2099

I updated my server from 14.1 to 15.04 and I having issues logging in with one of my IDE’s. I kept getting this errror,

establishing sftp connection failed no suitable key exchange algorithm could be agreed

I found this page with a solution https://nikinuryadin.wordpress.com/2015/05/19/aptana-studio-3-sftp-key-exchange/

It says to add this line to my /etc/ssh/sshd_config file

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
KexAlgorithms=curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

My question is, will this weaken my security or cause any major security risks by adding these ciphers?



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Andrew SB
Andrew SBDigitalOcean Employee badge
June 2, 2016

A number of those ciphers have been deemed as legacy by the OpenSSH team and are no longer supported by default. While for some attacks are still just theoretical, it’s still encouraged to regenerate your keys to use stronger a cipher. diffie-hellman-group1-sha1 in particular was commonly used. You can read more about its weaknesses here:

We further estimate that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break.

You can regenerate the server’s host keys using:

sudo dpkg-reconfigure openssh-server

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2026 DigitalOcean, LLC.Sitemap.