Algorithm negotiation fail SSH in Jenkins

Posted 2019-01-07 14:49

Question:

I'm trying to ssh from Jenkins to a local server but the following error is thrown:

[SSH] Exception:Algorithm negotiation fail
    com.jcraft.jsch.JSchException: Algorithm negotiation fail
    at com.jcraft.jsch.Session.receive_kexinit(Session.java:520)
    at com.jcraft.jsch.Session.connect(Session.java:286)
    at com.jcraft.jsch.Session.connect(Session.java:150)
    at org.jvnet.hudson.plugins.SSHSite.createSession(SSHSite.java:141)
    at org.jvnet.hudson.plugins.SSHSite.executeCommand(SSHSite.java:151)
    at org.jvnet.hudson.plugins.SSHBuildWrapper.executePreBuildScript(SSHBuildWrapper.java:75)
    at org.jvnet.hudson.plugins.SSHBuildWrapper.setUp(SSHBuildWrapper.java:59)
    at hudson.model.Build$BuildExecution.doRun(Build.java:154)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:533)
    at hudson.model.Run.execute(Run.java:1754)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:89)
    at hudson.model.Executor.run(Executor.java:240)
Finished: FAILURE

Installed version of Java on SSH server:

java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)

Installed version of java on client:

java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)

I also tried this solution: JSchException: Algorithm negotiation fail, but it's not working. From PuTTY everything seems to be OK. The connection is established, but when I trigger the Jenkins job the error is thrown. Should I try another version of the SSH server? Right now I'm using copssh.

Answer 1:

TL;DR edit your sshd_config and enable support for diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1 in KexAlgorithms:

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

I suspect that the problem appeared after the following change in OpenSSH 6.7: "The default set of ciphers and MACs has been altered to remove unsafe algorithms." (see changelog). This version was released on Oct 6 and made it to Debian testing on Oct 21 (see Debian changelog).

OpenSSH enables only the following key exchange algorithms by default:

  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group14-sha1

Whereas JSch claims to support these algorithms (see under "features") for key exchange:

  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group1-sha1

So indeed, they cannot agree on a common key exchange algorithm. Updating sshd_config (and restarting the SSH server) does the trick. Apparently JSch is supposed to support the "diffie-hellman-group-exchange-sha256" method since version 0.1.50 (see changelog).



Answer 2:

As outlined here: http://sourceforge.net/p/jsch/mailman/message/32975616/, in JSch 0.1.51 diffie-hellman-group-exchange-sha256 is implemented, but not enabled. You can enable it using the setConfig function like so:

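import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;

JSch jsch = new JSch();

java.util.Properties configuration = new java.util.Properties();
// Key exchange algorithms the client proposes, in order of preference
configuration.put("kex", "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256");
// Turns off host key verification for this session
configuration.put("StrictHostKeyChecking", "no");

Session session = jsch.getSession("username", "hostname", 22);
session.setPassword("password");
// Apply the settings before connecting
session.setConfig(configuration);
session.connect();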
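
The negotiation described in answers 1 and 2, as an added example that is not part of the original answers: a simplified form of the RFC 4253 section 7.1 rule (the first algorithm on the client's list that the server also offers is chosen; the RFC's host-key conditions are left out), run over the lists quoted above. `JSCH_SHA256_FIRST` and all function names are assumptions made for illustration.

```python
# Added example: SSH key-exchange selection, simplified from RFC 4253 section 7.1.
# The algorithm lists are the ones quoted in the answers on this page.

def parse_kex_line(line):
    """Parse an sshd_config 'KexAlgorithms a,b,c' line into an ordered list."""
    parts = line.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "kexalgorithms":
        raise ValueError("not a KexAlgorithms line: %r" % line)
    return [name.strip() for name in parts[1].split(",") if name.strip()]

def negotiate(client, server):
    """Return the first algorithm on the client's list that the server also
    offers, or None (the 'Algorithm negotiation fail' case)."""
    offered = set(server)
    for name in client:
        if name in offered:
            return name
    return None

def sha1_based(name):
    """True for key exchanges whose hash is SHA-1, judged by the name suffix."""
    return name is not None and name.endswith("-sha1")

# OpenSSH 6.7 defaults as listed in answer 1.
OPENSSH_67_DEFAULT = parse_kex_line(
    "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,"
    "ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
    "diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1")
# Server list after the sshd_config change from answer 1.
OPENSSH_67_WIDENED = OPENSSH_67_DEFAULT + [
    "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"]
# Client proposals: JSch as described in answer 1, and the "kex" string of answer 2.
JSCH_OLD = ["diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"]
JSCH_ANSWER2 = ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
                "diffie-hellman-group-exchange-sha1",
                "diffie-hellman-group-exchange-sha256"]
# Assumption: the answer 2 list reordered so the SHA-256 exchange comes first.
JSCH_SHA256_FIRST = list(reversed(JSCH_ANSWER2))

def report():
    cases = [("old JSch vs default sshd", JSCH_OLD, OPENSSH_67_DEFAULT),
             ("old JSch vs widened sshd", JSCH_OLD, OPENSSH_67_WIDENED),
             ("answer 2 kex vs default sshd", JSCH_ANSWER2, OPENSSH_67_DEFAULT),
             ("SHA-256 first vs default sshd", JSCH_SHA256_FIRST, OPENSSH_67_DEFAULT)]
    return {label: negotiate(c, s) for label, c, s in cases}

if __name__ == "__main__":
    for label, chosen in report().items():
        flag = "  [SHA-1]" if sha1_based(chosen) else ""
        print("%-30s -> %s%s" % (label, chosen or "no common algorithm", flag))
```

Because the client's order decides, the answer 2 string against a default OpenSSH 6.7 server selects diffie-hellman-group14-sha1; listing the SHA-256 exchange first selects it instead.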


Answer 3:

We had the same problem with our Jenkins (2.21) and the SSH plugin (2.4).

Our solution is to use the native shell execution. It seems that the Jenkins plugin does not use the same SSH connection settings as the native shell.

So you could make the ssh connect like this (without the ssh-plugin):

ssh user@host <<'ENDSSH'
 echo your remote command here
ENDSSH

If you wrap your remote commands with the code above the connection works fine.

With this solution you don't need the ssh-plugin anymore.

For your information: We got the problem on our mittwald servers since they upgraded OpenSSH on their servers.



Answer 4:

In my case - OpenSSH_6.7p1 on server - I had to modify KexAlgorithms and MACs (additional hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 values):

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com,hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96

The above should be placed in:

/etc/ssh/sshd_config

And then restart the ssh:

sudo /etc/init.d/ssh restart


Answer 5:

I have faced exactly the same problem. As Matthieu suggested, we have to add some key-exchange algorithms to the sshd_config file present in cygwin>etc>sshd_config. I have just added the following and it worked for me:

KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

But the file itself is in read-only mode, so we have to give it all access (read, write and execute) through the command prompt: "chmod 777 sshd_config". Then add the above-mentioned algorithms. Stop the sshd service with "net stop sshd" and then start it with "net start sshd".

Have fun....



Answer 6:

Only this helped me.

If you want to temporarily fix this issue, simply download "Jsch" with min. version of 0.1.53 and move it to the SSH plugin directory, for example: cp /tmp/jsch-0.1.53.jar /var/lib/jenkins/plugins/ssh/WEB-INF/lib/ Don't forget to restart jenkins. You should now be able to Build your Job with Debian Jessie.

https://issues.jenkins-ci.org/browse/JENKINS-25258?focusedCommentId=274232&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-274232



Answer 7:

Instead of fixing this on the server side, you can also update the client side. If you use http://maven.apache.org/wagon/wagon-providers/wagon-ssh/ in a newer version (>= 2.12 - current release as of Sep. 2018 is 3.2.0), this problem does not occur anymore.

<project>
  <!-- ... -->
  <build>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-site-plugin</artifactId>
          <version>3.6</version>
          <dependencies>
            <dependency>
              <groupId>org.apache.maven.wagon</groupId>
              <artifactId>wagon-ssh</artifactId>
              <version>3.2.0</version>
            </dependency>
          </dependencies>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
  <!-- ... -->
</project>

Update 2018-10-21: The latest version is now 3.2.0. Due to various vulnerability issues I'd advise to always use a current version of SSH- or SSL-related software anyway. So please check and update your dependencies in your code.



Answer 8:

I also faced the same problem with similar exceptions on the Jenkins console. Then I tried Matthieu Wipliez's solution, but it did not work, as the same configuration was already in place on my SSH server (remote machine: Linux Ubuntu 16.04).

After spending a few hours, I just checked my SSH plugin's version, which was 2.1, and I just updated it to the latest (2.5).

And guess what, it worked!!

I do not know whether it will work in every similar case, but I would like to suggest trying it first. It may save you time.



Answer 9:

If you end up here because you get the same error in PyCharm -

I'm using 2016.2.3 and can only upgrade if I convert to the subscription model. The problem is only seen on my Windows box. I was unable to get the remote server updated as described in other answers (KexAlgorithms).

My solution is

  1. Click Help
  2. Select "Find Action"
  3. Type "Switch IDE Boot JDK.."
  4. Use the drop down arrow and click the "..." option
  5. Find the version of JAVA you're using on your local machine and select that folder.

PyCharm restarts and I'm able to ssh to remote servers.