Exception: Incompatible ssh server (no acceptable macs)
See original GitHub issueI see a similar issue post for “Exception: Incompatible ssh peer (no acceptable host key) #2556” but this exception is subtly different. I am trying to access a Juniper device with netmiko (version 3.4.0 and paramiko version 2.8.0) and receive the Traceback below. Below the Traceback is code used to test and log content. This only seems to be an issue with Juniper device. Other devices connect without issue. Any assistance would be greatly appreciated. Thanks in advance.
Traceback (most recent call last):
File "netmiko_jun_test.py", line 17, in <module>
router_connection = ConnectHandler(**juniper_mse)
File "/usr/local/lib/python3.6/site-packages/netmiko/ssh_dispatcher.py", line 337, in ConnectHandler
return ConnectionClass(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/netmiko/juniper/juniper.py", line 20, in __init__
return super().__init__(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/netmiko/base_connection.py", line 350, in __init__
self._open()
File "/usr/local/lib/python3.6/site-packages/netmiko/base_connection.py", line 355, in _open
self.establish_connection()
File "/usr/local/lib/python3.6/site-packages/netmiko/base_connection.py", line 935, in establish_connection
self.remote_conn_pre.connect(**ssh_connect_params)
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 406, in connect
t.start_client(timeout=timeout)
File "/usr/local/lib/python3.6/site-packages/paramiko/transport.py", line 660, in start_client
raise e
File "/usr/local/lib/python3.6/site-packages/paramiko/transport.py", line 2083, in run
self._handler_table[ptype](self, m)
File "/usr/local/lib/python3.6/site-packages/paramiko/transport.py", line 2198, in _negotiate_keys
self._parse_kex_init(m)
File "/usr/local/lib/python3.6/site-packages/paramiko/transport.py", line 2438, in _parse_kex_init
raise SSHException("Incompatible ssh server (no acceptable macs)")
Test code:
from netmiko import ConnectHandler
import logging
logging.basicConfig(filename='test.log', level=logging.DEBUG)
juniper_device = {
"device_type": "juniper",
"host": "device_ip",
"username": "user_id",
"password": "user_pwd"
}
router_connection = None
router_connection = ConnectHandler(**juniper_device)
if router_connection:
router_connection.disconnect()
Log content:
DEBUG:paramiko.transport:Kex agreed: curve25519-sha256@libssh.org
DEBUG:paramiko.transport:HostKey agreed: ssh-ed25519
DEBUG:paramiko.transport:Cipher agreed: aes128-ctr
ERROR:paramiko.transport:Exception: Incompatible ssh server (no acceptable macs)
ERROR:paramiko.transport:Traceback (most recent call last):
ERROR:paramiko.transport: File "/usr/local/lib/python3.6/site-packages/paramiko/transport.py", line 2083, in run
ERROR:paramiko.transport: self._handler_table[ptype](self, m)
ERROR:paramiko.transport: File "/usr/local/lib/python3.6/site-packages/paramiko/transport.py", line 2198, in _negotiate_keys
ERROR:paramiko.transport: self._parse_kex_init(m)
ERROR:paramiko.transport: File "/usr/local/lib/python3.6/site-packages/paramiko/transport.py", line 2438, in _parse_kex_init
ERROR:paramiko.transport: raise SSHException("Incompatible ssh server (no acceptable macs)")
ERROR:paramiko.transport:paramiko.ssh_exception.SSHException: Incompatible ssh server (no acceptable macs)
ERROR:paramiko.transport:
Issue Analytics
- State:
- Created 2 years ago
- Comments:8 (5 by maintainers)
Top Results From Across the Web
Paramiko - Incompatible SSH server (no acceptable macs)
After tracing down the error, I noticed that on my remote server, I'm missing some entries in my /etc/ssh/sshd_config file. Neither of my...
Read more >How to resolve the "no acceptable macs" SSH key exchange ...
This error is caused by missing entries. Add the following entries to the /etc/ssh/sshd_config file ...
Read more >Incompatible ssh server (no acceptable macs). Line:666. code
The target SSH server uses ciphers that are incompatible with the Paramiko library version on the CPM.
Read more >Paramiko – Incompatible SSH server (no acceptable macs)
After tracing down the error, I noticed that on my remote server, I'm missing some entries in my /etc/ssh/sshd_config file. Neither of my...
Read more >SSHException: Incompatible ssh server (no acceptable ciphers)
ERR [20090216-15:36:38.530] thr=5 paramiko.transport: Exception: Incompatible ssh server (no acceptable ciphers)
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
To answer, both environments are running cryptography 35.0.0. But we’ve discovered the root cause of our issue. We found that a custom driver is doing:
paramiko.Transport._preferred_macs = ("hmac-sha1",)
And once netmiko is imported that gets set in our running environment. Anything that not have hmac-sha1 in their list fails to connect. In this case it is Juniper devices for us.
Thank you very much for your prompt responses to our post.
Okay, definitely should mention that you are using a custom driver in the future.
I was scratching my head on how the preferred_macs were getting set to only “hmac-sha1”