SFTP: connect->getConnection: Handshake failed: no matching key exchange algorithm

Hi,

I’m getting an error when I try to connect to an SFTP server.
connect->getConnection: Handshake failed: no matching key exchange algorithm

The server works with key exchange. To solve this problem in the sftp client I have configured ssh_config with:
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +aes128-cbc

How can I do this in the n8n SFTP node?

  • n8n version: 0.194.0
  • Running n8n via [Docker, npm, n8n.cloud, desktop app]: Docker install.

Hi @jesse.souza, welcome to the community.

The node doesn’t currently offer any configuration options beyond the ones listed on the credentials screen I am afraid. However, the library used by this node would be this one which appears to support these configuration settings:

One of the connect options provided by the ssh2 module is algorithm, which is an object that allows you to explicitly set the key exchange, ciphers, hmac and compression algorithms as well as server host key used to establish the initial secure connection.

So, I believe this should technically be possible. I shall convert your question into a feature request allowing you and other users to vote on having this implemented in the future.

Thanks for your attention, I’ll see what I can do with the NPM module.

Thank you @jesse.souza. Just for clarification: I wasn’t suggesting you do that yourself (though I am sure a PR adding such a feature would be very welcome), just sharing some background around this missing feature.

Hi @jesse.souza, I had a similar issue and resolved it by hard-coding the algorithm I needed and rebuilding n8n:

// packages/nodes-base/nodes/Ftp/Ftp.node.ts
// appears twice:
...
password: credentials.password as string,
privateKey: credentials.privateKey as string | undefined,
passphrase: credentials.passphrase as string | undefined,
algorithms: {
  kex: ["diffie-hellman-group1-sha1"],
  cipher: ["aes128-cbc"]
}

@MutedJam IMHO I think SFTP is a common entry-point for a lot of first-time n8n users. This connection error is frustrating and I can imagine many users give up on n8n quickly.

My client is in healthcare and they were given an SFTP endpoint by a big-name service. OSX and FileZilla etc supported the key exchange out of the box but n8n did not.

As for a PR, I am no ssh expert and unsure as to how this should be done?

  1. hard-code all common exchange algs
  2. provide JSON config input
  3. provide multi text input to list kex
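
As an added example (not from the thread, and not n8n's or ssh2's own code), here is one way option 3 could build the `algorithms` connect option discussed above. The `buildAlgorithms` helper and its allowlist are hypothetical, and it assumes ssh2 1.x, where a category may be given as `{ append: [...] }` instead of an exact array, so the library defaults stay first and the legacy names from this thread are only a fallback.

```typescript
// Added example, hypothetical helper. Assumes ssh2 1.x `{ append: [...] }` support.
type Category = 'kex' | 'cipher';
type Level = 'ok' | 'legacy';
type AlgorithmsOption = Partial<Record<Category, { append: string[] }>>;

// Constructed allowlist: the two names from this thread plus a few modern ones.
// 'legacy' marks algorithms that needed "+" in the ssh_config shown above.
const KNOWN: Record<Category, Record<string, Level>> = {
  kex: {
    'diffie-hellman-group1-sha1': 'legacy',
    'diffie-hellman-group14-sha256': 'ok',
    'curve25519-sha256': 'ok',
  },
  cipher: {
    'aes128-cbc': 'legacy',
    'aes128-ctr': 'ok',
    'aes256-gcm@openssh.com': 'ok',
  },
};

// Accepts "a, b" or ssh_config-style "+a,b"; drops blanks and duplicates.
function parseList(raw: string): string[] {
  return raw.split(/[\s,]+/).map((s) => s.replace(/^\+/, ''))
    .filter((s, i, all) => s.length > 0 && all.indexOf(s) === i);
}

function buildAlgorithms(extra: Partial<Record<Category, string>>): {
  algorithms: AlgorithmsOption;
  warnings: string[];
} {
  const algorithms: AlgorithmsOption = {};
  const warnings: string[] = [];
  for (const category of ['kex', 'cipher'] as Category[]) {
    const names = parseList(extra[category] ?? '');
    if (names.length === 0) continue; // keep the library defaults untouched
    for (const name of names) {
      // Own-property check so names like "constructor" are not accepted.
      if (!Object.prototype.hasOwnProperty.call(KNOWN[category], name)) {
        throw new Error(`unknown ${category} algorithm: ${name}`);
      }
      if (KNOWN[category][name] === 'legacy') {
        warnings.push(`${category} ${name} is legacy; enable it per host only`);
      }
    }
    // append keeps the defaults first, so legacy entries are a last resort.
    algorithms[category] = { append: names };
  }
  return { algorithms, warnings };
}
```

The returned `algorithms` object would be passed alongside `password`, `privateKey` and `passphrase` in the connect options, and the warnings could be surfaced on the credentials screen.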