Where to look next?

Damien Miller djm at mindrot.org
Thu Sep 22 02:02:52 AEST 2016

On Wed, 21 Sep 2016, Delisle, John wrote:

> Hello, 
> I'm looking for your insight about the log below. We have an SFTP
> server (IBM Sterling File Gateway) and we're connecting from an
> OpenSSH SFTP client but something fails during KEX.
> Complete client-side debug output is below, but I believe the relevant
> part is:
> debug1: kex: server->client cipher: aes192-cbc MAC: hmac-sha1 compression: none
> debug1: kex: client->server cipher: aes192-cbc MAC: hmac-sha1 compression: none
> debug3: send packet: type 30
> debug1: sending SSH2_MSG_KEX_ECDH_INIT
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug3: receive packet: type 1
> Received disconnect from port 32:2: Failed to read binary packet data!
> Any suggestions about what's failing, and what the cause might be?
> We're trying to figure out where to go in our troubleshooting, and do
> not understand the meaning of this debug output.

It's failing during key exchange (KEX). You could try explicitly selecting
a different key exchange method e.g.

sftp -oKEXAlgorithms=diffie-hellman-group14-sha1 ...

If that works then it's highly likely that the IBM server has implemented
the ecdh-sha2-nistp256 method incorrectly.


More information about the openssh-unix-dev mailing list