In /etc/ssh/sshd_config:
Ciphers aes256 - gcm @openssh.com, aes128 - gcm @openssh.com, aes256 - ctr, aes128 - ctr
MACs hmac - sha2 - 512 - etm @openssh.com, hmac - sha2 - 256 - etm @openssh.com, umac - 128 - etm @openssh.com, hmac - sha2 - 512, hmac - sha2 - 256, hmac - ripemd160, hmac - sha1
KexAlgorithms diffie - hellman - group - exchange - sha256, diffie - hellman - group14 - sha1, diffie - hellman - group - exchange - sha1I upgraded the paramiko to fix the problem:
sudo pip install paramiko--upgradeDoing a paramiko upgrade resolved this issue:
sudo pip install paramiko--upgradeI ran into a situation where one script would SSH into a system just fine, but another similar script would fail with the same
paramiko.SSHException: Incompatible ssh peer(no acceptable kex algorithm)The situation turned out to be the shebang line at the top of my script:
#!/usr/bin/python
Would fail, while
#!/usr/bin/env python
That error is in a situation where your version of paramiko does not support the key exchange algorithms that is using the device you want to connect.
ssh.connect('10.119.94.8', 22, username = "user", password = 'passwor')
t = ssh.get_transport()
so = t.get_security_options()
so.kex('diffie-hellman-group1-sha1', 'diffie-hellman-group-exchange-sha1')
so.ciphers('aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc', 'arcfour128', 'arcfour256')
paramiko.__version__ '1.10.1'In the paramiko logs you can see the key exchange algos of your connection.
DEB paramiko.transport: starting thread(client mode): 0x11897150 L
INF paramiko.transport: Connected(version 2.0, client OpenSSH_7 .2)
DEB paramiko.transport: kex algos: ['diffie-hellman-group14-sha1', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384'] server key: ['ssh-rsa'] client encrypt: ['aes128-ctr', 'aes256-ctr'] server encrypt: ['aes128-ctr', 'aes256-ctr'] client mac: ['hmac-sha1'] server mac: ['hmac-sha1'] client compress: ['none', 'zlib@openssh.com'] server compress: ['none', 'zlib@openssh.com'] client lang: [''] server lang: [''] kex follows ? False
ERR paramiko.transport: Exception: Incompatible ssh peer(no acceptable kex algorithm)
ERR paramiko.transport: Traceback(most recent call last):
ERR paramiko.transport: raise SSHException('Incompatible ssh peer (no acceptable kex algorithm)')
ERR paramiko.transport: SSHException: Incompatible ssh peer(no acceptable kex algorithm)So I recommend to upgrade to a recent paramiko version, for example 2.4.2 for 2018. In this version is supported sha1 and sha2 for key exchange algorithms.
>>> ssh.connect("hostdev", 22, username = "user", password = "pass") >>>
transport1 = ssh.get_transport() >>>
so = transport1.get_security_options() >>>
so.kex('ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1') >>>
>>>
so.ciphers('aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-cbc', 'aes192-cbc', 'aes256-cbc', 'blowfish-cbc', '3des-cbc') >>>
>>>
print paramiko.__version__
2.4 .2At the usual call to connect:
from paramiko
import SSHClient
client = SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(...As Romaan said much earlier all I needed was:
pip install--upgrade paramiko
...
Successfully installed paramiko - 2.11 .003-25-2020 02:56 PM , 03-25-2020 09:37 AM - edited 03-25-2020 10:11 AM
root @7ccc5784353b: /ansible_local# ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c aes256-cbc cisco@10.1.10.27
Here is the playbook I tried:
root @7ccc5784353b: /ansible_local/cisco_ios
# cat asa.yml
-- -
-name: Get_Stats
hosts: asa
gather_facts: false
connection: local
vars:
playbook_name: "Query ASA"
cli:
host: "{{ inventory_hostname }}"
username: "cisco"
password: "cisco"
authorize: yes
auth_pass: "cisco"
tasks:
-name: show_commands
asa_command:
provider: "{{ cli }}"
commands:
-show run -
show memory
register: print_output
-
debug: var = print_output.stdout_linesparamiko Incompatible ssh peer (no acceptable kex algorithm),After tracing down the error, I noticed that on my remote server, I'm missing some entries in my /etc/ssh/sshd_config file. Neither of my setups have these MACs listed:,I've been using paramiko for a while and everything has worked as expected, but when I moved out of my testing environment, I got this error when opening an ssh session,Python – Paramiko – incompatible ssh server
I've been using paramiko for a while and everything has worked as expected, but when I moved out of my testing environment, I got this error when opening an ssh session
paramiko.ssh_exception.SSHException: Incompatible ssh server(no acceptable macs)Remote server's sshd_config
#
# Allow Ciphers and MACs
#
Ciphers aes256 - ctr, aes192 - ctr, aes128 - ctr, arcfour256, arcfour128
MACs umac - 64 @openssh.com, hmac - ripemd160, hmac - sha2 - 512, hmac - sha2 - 256RemoteAccess.py
class RemoteAccess():
def __init__(self, host = "abc123", username = "abc", password = "123"):
self.name = host
self.client = paramiko.SSHClient()
self.client.load_system_host_keys()
self.client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
self.client.connect(host, username = username, password = password)For some reason, paramiko1.15.1 would complain about incompatible MACs. paramiko1.16.0 did not. This was fixed by copying 1.16.0 files to its installation location.
/usr/lib / python2 .7 / site - packages / paramiko