paramiko Incompatible ssh peer (no acceptable kex algorithm)

Question

I\'m getting the following error when trying to ssh to a Cisco ACS device using the paramiko library. I\'ve used paramiko in python without issue, and I can ssh to this box

Answer 1

I was having similar issue with Debian 8 and OpenSSH on the server side.

As a quick fix, the following Cipher/MACs/KexAlgorithms settings on the server side fixes the issue:

In /etc/ssh/sshd_config:

Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

Though... you should analyze those settings from the security point of view. I set it in lab env, so didn't take care about it.

Also not sure if you can modify it in this way for Cisco ACS