Problem Description
When using the NppFTP plugin in Notepad++ to connect to an Ubuntu 16.04.4 server via SFTP, the connection fails with the following error:
[SFTP] Connection failed : kex error : did not find one of algos diffie-hellman-group1-sha1 in list [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 for kex algos
Unable to connectThe core issue is that the server's list of supported key exchange algorithms does not include the diffie-hellman-group1-sha1 algorithm requested by the client.
Solution
This problem occurs because the OpenSSH server has disabled older, less secure key exchange algorithms (like diffie-hellman-group1-sha1) by default, while older NppFTP clients may still default to using it. The solution is to re-enable this algorithm in the server's SSH configuration.
Step 1: Modify SSH Server Configuration
- Connect to your Ubuntu server via SSH terminal (e.g., Xshell, PuTTY).
- Open the SSH server configuration file with a text editor:
sudo vi /etc/ssh/sshd_config- Add the following lines at the end of the file to re-enable
diffie-hellman-group1-sha1and specify a cipher suite:
KexAlgorithms diffie-hellman-group1-sha1,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctrNote: Adding KexAlgorithms includes diffie-hellman-group1-sha1 in the server's supported list. Adding Ciphers ensures compatibility and prevents subsequent connection failures due to cipher mismatches.
Step 2: Restart SSH Service
After saving the file, restart the SSH service:
sudo service ssh restartNote: On newer Ubuntu systems (18.04+), use sudo systemctl restart ssh.
Step 3: Reconnect
After completing these steps, try reconnecting via the NppFTP plugin in Notepad++. The issue should be resolved.
Additional Notes & Security Recommendations
1. Algorithm Security: diffie-hellman-group1-sha1 is considered a weak algorithm with potential security risks. This solution is a temporary compatibility measure.
2. Better Solution: The preferred approach is to update your NppFTP plugin or Notepad++ to the latest version. Newer clients typically support modern, secure algorithms (like curve25519-sha256) that are enabled by default on servers, eliminating the need to modify server configuration.
3. Check Ubuntu Version: To confirm your system version, use:
cat /etc/issue
# or
lsb_release -a4. Revert Configuration: After successfully connecting with an updated client, remove the added KexAlgorithms and Ciphers lines from /etc/ssh/sshd_config and restart SSH to restore the server's stricter default security settings.