C.3.4. Error: could not settle on encryption_client algorithm

Last Updated: 2015-06-01

Condition or Error

The following error is reported when trying to connect:

Error: could not settle on encryption_client algorithm

Causes

  • Can be due to missing an acceptable cipher on any one of the hosts.

Rectifications

  • This is a list of acceptable ciphers:

    aes128-cbc
    3des-cbc
    blowfish-cbc
    cast128-cbc
    aes192-cbc
    aes256-cbc
    rijndael-cbc@lysator.liu.se
    idea-cbc
    none
    arcfour128
    arcfour256

    These can be configured in /etc/ssh/sshd_config under Ciphers.

    Try adding a supported cipher (aes256-cbc_ to the end of the ciphers in your ssh server config file. Note that SSH and OpenSSL ciphers are mapped, for example like the following:

    // Maps the SSH name of a cipher to it's corresponding OpenSSL name
    SSH_TO_OSSL = {
     "3des-cbc" => "des-ede3-cbc",
     "blowfish-cbc" => "bf-cbc",
     "aes256-cbc" => "aes-256-cbc",
     "aes192-cbc" => "aes-192-cbc",
     "aes128-cbc" => "aes-128-cbc",
     "idea-cbc" => "idea-cbc",
     "cast128-cbc" => "cast-cbc",
     "arcfour128" => "rc4",
     "arcfour256" => "rc4",
     "arcfour512" => "rc4",
     "none" => "none"
    }