SecureCRT Key exchange failed. No compatible key-exchange method.

by | Last Updated: May 20, 2024 | TROUBLESHOOTING

Reported Issue

When connecting to a remote device using SecureCRT, you may come across the following error message:

SecureCRT Terminal

Key exchange failed.
No compatible key-exchange method. The server supports these methods:
The following key-exchange method(s) are supported but not currently allowed
for this session:
Key-exchange methods can be turned on in the Session Options dialog in the
Connection/SSH2 Category.
WARNING: The diffie-hellman key-exchange method is off by default to address
the Logjam vulnerability.

Problem Explanation

This indicates an issue between the key exchange methods that SecureCRT permits and the ones that the server supports. To fix this, follow the steps given below.

For the client and server to safely create connection, key exchange techniques are essential. They guarantee the safe negotiation of encryption algorithm parameters by both sides. One popular key exchange technique is the diffie-Hellman method. Nevertheless, it has well-known flaws like the Logjam attack, which can erode the encryption and leave the session open to interception.

Many SSH clients, including SecureCRT, block certain key exchange techniques like diffie-hellman by default to increase security as result of these flaws. The diffie-hellman key exchange technique is the only one supported by the remote server you are attempting to connect to; by default, SecureCRT has this enabled.

Since there isn’t mutually supported solution, this leads to key exchange failure.

Resolution Steps

Step 1. Open SecureCRT: Launch SecureCRT on your computer.
Step 2. Access Session Options

    • Navigate to the specific session you are trying to connect to.
    • Right-click on the session name in the session list.
    • Select “Properties” from the context menu.

Step 3. Modify SSH2 Settings

    • In the Session Options window, go to “Connection”.
    • Under “Connection”, select “SSH2”.

Step 4. Enable Diffie-Hellman Key Exchange Method

    • In the SSH2 category, find the “Key exchange” section.
    • You will see a list of key exchange methods that are available but not necessarily enabled.
    • Locate “diffie-hellman-group1-sha1” or “diffie-hellman-group14-sha1” depending on the server’s configuration.

Step 5. Allow Diffie-Hellman Method:

    • Check the box next to the diffie-hellman method to enable it.
    • If unsure which method to enable, you can check both “diffie-hellman-group1-sha1” and “diffie-hellman-group14-sha1” to cover common configurations.

Step 6. Save and Connect

    • Click “OK” to save the changes.
    • Attempt to reconnect to the remote server.


No Results Found

The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.


Submit a Comment

Your email address will not be published. Required fields are marked *

Pin It on Pinterest

Share This

Share This

If you liked this post, please share it with your friends.