SFTP: connect->getConnection: Handshake failed: no matching key exchange algorithm

Hi,

I’m getting an error when I try to connect to an SFTP server.
connect->getConnection: Handshake failed: no matching key exchange algorithm

The server works with key exchange. To solve this problem in the sftp client I have configured ssh_config with:
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +aes128-cbc

How can I do this in the n8n SFTP node?

  • n8n version: 0.194.0
  • Running n8n via [Docker, npm, n8n.cloud, desktop app]: Docker install.

Hi @jesse.souza, welcome to the community.

The node doesn’t currently offer any configuration options beyond the ones listed on the credentials screen I am afraid. However, the library used by this node would be this one which appears to support these configuration settings:

One of the connect options provided by the ssh2 module is algorithm, which is an object that allows you to explicitly set the key exchange, ciphers, hmac and compression algorithms as well as server host key used to establish the initial secure connection.

So, I believe this should technically be possible. I shall convert your question into a feature request allowing you and other users to vote on having this implemented in the future.

Thanks for your attention, I’ll see what I can do with the NPM module.

Thank you @jesse.souza. Just for clarification: I wasn’t suggesting you do that yourself (though I am sure a PR adding such a feature would be very welcome), just sharing some background around this missing feature.

Hi @jesse.souza I had a similar issue and resolved it by hard-coding the algorithm I needed and rebuilding n8n

// packages/nodes-base/nodes/Ftp/Ftp.node.ts
// appears twice:
...
password: credentials.password as string,
privateKey: credentials.privateKey as string | undefined,
passphrase: credentials.passphrase as string | undefined,
algorithms: {
  kex: ["diffie-hellman-group1-sha1"],
  cipher: ["aes128-cbc"]
}

@MutedJam IMHO I think SFTP is a common entry-point for a lot of first time n8n users. This connection error is frustrating and I can imagine many users give up on n8n quickly.

My client is in healthcare and they were given an SFTP endpoint by a big-name service. OSX and FileZilla etc supported the key exchange out of the box but n8n did not.

As for a PR, I am no ssh expert and unsure as to how this should be done?

  1. hard-code all common exchange algs
  2. provide JSON config input
  3. provide multi text input to list kex

I’m also getting this error. Would be nice to get a fix

Hey @jimhuds,

Can you share what SFTP server and version you are connecting to?

Hey @Jon , it’s a server provided to us by a sales rep team. I did some googling and after running some commands this is the info I got:

Syncplify.me Server! v5.1.24.564 SSH-2/SFTP Service Ready
SSH-2.0-Syncplify_Me_Server
SFTP protocol version 3
no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1

Cheers
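The offer list in the post above contains three SHA-1 key exchange methods of different strength. As an added example (not code from n8n or the ssh2 project), the following picks the least weak method the server offers and appends it to ssh2's defaults through the `algorithms` connect option instead of replacing the whole list. The function names and the preference order are assumptions of this example, and it covers key exchange only, not ciphers.

```javascript
// Added example, not n8n or ssh2 project code.
// Error line as quoted in the thread above.
const SAMPLE_ERROR =
  'no matching key exchange method found. Their offer: ' +
  'diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,' +
  'diffie-hellman-group14-sha1';

// Assumed ranking, least weak first: fixed 2048-bit group14, then
// group-exchange, then the 1024-bit group1 as the last resort.
const LEGACY_KEX_PREFERENCE = [
  'diffie-hellman-group14-sha1',
  'diffie-hellman-group-exchange-sha1',
  'diffie-hellman-group1-sha1',
];

// Extract the server's kex names from an OpenSSH-style negotiation error.
function parseOffer(errorLine) {
  const match = /Their offer:\s*(\S+)/.exec(errorLine);
  return match ? match[1].split(',').filter(Boolean) : [];
}

// Return the single least-weak legacy kex the server offers, or null.
function pickLegacyKex(offered) {
  return LEGACY_KEX_PREFERENCE.find((name) => offered.includes(name)) || null;
}

// Build a value for ssh2's `algorithms` connect option. The object form with
// `append` keeps ssh2's default kex list and adds one name at the end, so a
// server that supports a modern method still negotiates it first.
function buildAlgorithms(errorLine) {
  const kex = pickLegacyKex(parseOffer(errorLine));
  if (kex === null) {
    throw new Error('server offers no key exchange method this example knows');
  }
  return { kex: { append: [kex] } };
}

// Usage with ssh2 (host and credentials omitted here):
//   conn.connect({ host, username, password,
//                  algorithms: buildAlgorithms(SAMPLE_ERROR) });
console.log(JSON.stringify(buildAlgorithms(SAMPLE_ERROR)));
```

For this server the result enables only `diffie-hellman-group14-sha1`, leaving `diffie-hellman-group1-sha1` disabled.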

Hey @jimhuds,

Perfect, thanks. Out of interest, have you tried with the SSH node, which also has a file transfer option?

Hey @Jon,

Just tried it, I get “ERROR: read ECONNRESET”. Which I think is the same issue as if I ssh through terminal on my local machine I get the “no matching key exchange method found.” message.

Cheers


Hi @Jon

I am hoping to transfer a couple of clients from self-hosted to n8n cloud but can’t until this is resolved.

From n8n cloud adding an SFTP credential:
eg: sftp4interfaces.insynchcs.com with any user/pass

Same error from SSH node:

A simple fix may be to just hard code the most common algs, eg:

Hey @s1monj,

I think I spotted the support ticket from you as well on this one. While hardcoding seems like the quick win, it isn’t the best approach, so we will need to think of the best way around that. Maybe by presenting a default list that follows current best practices, then allowing them to be changed if needed, which will potentially help with compliance as well.

Give me a few days and I will see what I can come up with.


I was going to create a GitHub issue for this, then found this thread. This has been a thorn in our side as well. I’m just replying to be notified of the changes and hopefully give you one more reason to work on this 🙂


I faced the same problem today too. Will hard-code and re-build to work around, but I don’t see why there can’t be a drop down field on the credentials page to select the appropriate kex/cipher algo

Hey @dpro-shc,

Welcome to the community 🍰

This is one of those issues that is on my personal todo list; I have been thinking about just using a text field for now to get this one done quickly. At the moment, though, this is in our backlog of tasks to complete, but I am planning on pulling it out during one of our bug bashing sessions.


Hi Jon, thanks for the welcome!

text or picklist, anything to get the job done. Glad to know this is on the backlog.


Hi @Jon , do you have any news on this? Interested to hear when you plan to have it implemented.

Cheers!


Why not add some extra options to the SSH node so one can pass extra parameters like:
“-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null”
We have this issue when automating hosts that continually change identity but not their account passwords
