fatal error: incompatible ssh peer (no acceptable kex algorithm)

  • Last Update :
  • Techknowledgy :

In /etc/ssh/sshd_config:

Ciphers aes256 - gcm @openssh.com, aes128 - gcm @openssh.com, aes256 - ctr, aes128 - ctr
MACs hmac - sha2 - 512 - etm @openssh.com, hmac - sha2 - 256 - etm @openssh.com, umac - 128 - etm @openssh.com, hmac - sha2 - 512, hmac - sha2 - 256, hmac - ripemd160, hmac - sha1
KexAlgorithms diffie - hellman - group - exchange - sha256, diffie - hellman - group14 - sha1, diffie - hellman - group - exchange - sha1

I upgraded the paramiko to fix the problem:

 sudo pip install paramiko--upgrade

Doing a paramiko upgrade resolved this issue:

sudo pip install paramiko--upgrade

I ran into a situation where one script would SSH into a system just fine, but another similar script would fail with the same

paramiko.SSHException: Incompatible ssh peer(no acceptable kex algorithm)

The situation turned out to be the shebang line at the top of my script:


Would fail, while

#!/usr/bin/env python

That error is in a situation where your version of paramiko does not support the key exchange algorithms that is using the device you want to connect.

ssh.connect('', 22, username = "user", password = 'passwor')
t = ssh.get_transport()
so = t.get_security_options()
so.kex('diffie-hellman-group1-sha1', 'diffie-hellman-group-exchange-sha1')
so.ciphers('aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc', 'arcfour128', 'arcfour256')
paramiko.__version__ '1.10.1'

In the paramiko logs you can see the key exchange algos of your connection.

DEB paramiko.transport: starting thread(client mode): 0x11897150 L
INF paramiko.transport: Connected(version 2.0, client OpenSSH_7 .2)
DEB paramiko.transport: kex algos: ['diffie-hellman-group14-sha1', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384'] server key: ['ssh-rsa'] client encrypt: ['aes128-ctr', 'aes256-ctr'] server encrypt: ['aes128-ctr', 'aes256-ctr'] client mac: ['hmac-sha1'] server mac: ['hmac-sha1'] client compress: ['none', 'zlib@openssh.com'] server compress: ['none', 'zlib@openssh.com'] client lang: [''] server lang: [''] kex follows ? False
ERR paramiko.transport: Exception: Incompatible ssh peer(no acceptable kex algorithm)
ERR paramiko.transport: Traceback(most recent call last):
   ERR paramiko.transport: raise SSHException('Incompatible ssh peer (no acceptable kex algorithm)')
ERR paramiko.transport: SSHException: Incompatible ssh peer(no acceptable kex algorithm)

So I recommend to upgrade to a recent paramiko version, for example 2.4.2 for 2018. In this version is supported sha1 and sha2 for key exchange algorithms.

>>> ssh.connect("hostdev", 22, username = "user", password = "pass") >>>
   transport1 = ssh.get_transport() >>>
   so = transport1.get_security_options() >>>
   so.kex('ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1') >>>
   so.ciphers('aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-cbc', 'aes192-cbc', 'aes256-cbc', 'blowfish-cbc', '3des-cbc') >>>
   print paramiko.__version__
2.4 .2

At the usual call to connect:

from paramiko
import SSHClient
client = SSHClient()

As Romaan said much earlier all I needed was:

pip install--upgrade paramiko
   Successfully installed paramiko - 2.11 .0

Suggestion : 2

‎03-25-2020 02:56 PM , ‎03-25-2020 09:37 AM - edited ‎03-25-2020 10:11 AM


root @7ccc5784353b: /ansible_local# ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c aes256-cbc cisco@

Here is the playbook I tried:

root @7ccc5784353b: /ansible_local/cisco_ios
# cat asa.yml
   -- -

   -name: Get_Stats

hosts: asa
gather_facts: false
connection: local

   playbook_name: "Query ASA"
   host: "{{ inventory_hostname }}"
username: "cisco"
password: "cisco"
authorize: yes
auth_pass: "cisco"

   -name: show_commands
   provider: "{{ cli }}"
   -show run -
   show memory

register: print_output

   debug: var = print_output.stdout_lines

Suggestion : 3

paramiko Incompatible ssh peer (no acceptable kex algorithm),After tracing down the error, I noticed that on my remote server, I'm missing some entries in my /etc/ssh/sshd_config file. Neither of my setups have these MACs listed:,I've been using paramiko for a while and everything has worked as expected, but when I moved out of my testing environment, I got this error when opening an ssh session,Python – Paramiko – incompatible ssh server

I've been using paramiko for a while and everything has worked as expected, but when I moved out of my testing environment, I got this error when opening an ssh session

paramiko.ssh_exception.SSHException: Incompatible ssh server(no acceptable macs)

Remote server's sshd_config

# Allow Ciphers and MACs
Ciphers aes256 - ctr, aes192 - ctr, aes128 - ctr, arcfour256, arcfour128
MACs umac - 64 @openssh.com, hmac - ripemd160, hmac - sha2 - 512, hmac - sha2 - 256


class RemoteAccess():
   def __init__(self, host = "abc123", username = "abc", password = "123"):
   self.name = host
self.client = paramiko.SSHClient()
self.client.connect(host, username = username, password = password)

For some reason, paramiko1.15.1 would complain about incompatible MACs. paramiko1.16.0 did not. This was fixed by copying 1.16.0 files to its installation location.

/usr/lib / python2 .7 / site - packages / paramiko