Remote_execution_ssh supported algorithms

I currently have the following key exchange algorithms configured in openssh:

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256

When attempting to run a remote job, the plugin is unable to settle on a KEX algorithm. Unless I’m mistaken, the plugin uses net-ssh provided by tfm-rubygem-net-ssh. This is deployed on CentOS with tfm-rubygem-net-ssh 4.2, which I believe supports ED25519, but is only offering diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521.

Can the KEX/MAC/ciphers be configured?

Hello,

I do see that net-ssh accepts kex as a valid option; see the link below,

From the plugin side, I don't see that we are passing the kex option while starting the connection,

This seems like a valid feature request; please file one.
Amit Upadhye.

Alternatively, you could try configuring the KexAlgorithms in a Host * block in ~foreman-proxy/.ssh/config which should be read before opening the connection.

Also please note that for ed25519 support you need ed25519 and bcrypt_pbkdf gems.

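Why the handshake in this thread fails, as an added example (not code from the Foreman plugin or from net-ssh): it applies the basic RFC 4253 selection rule to the two algorithm lists quoted in the first post. The function names are made up for this illustration, and the rule is simplified to ignore the host-key compatibility condition.

```ruby
# Added example: SSH key-exchange selection (RFC 4253, section 7.1, simplified)
# applied to the two algorithm lists quoted in this thread.

# Server side: the KexAlgorithms line from the first post.
SSHD_LINE = 'KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,' \
            'diffie-hellman-group16-sha512,diffie-hellman-group14-sha256'

# Client side: what the first post reports net-ssh 4.2 offering.
CLIENT_OFFER = %w[
  diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1
  diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256
  ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521
].freeze

# Parse an explicit "KexAlgorithms a,b,c" line into an ordered list.
# Lists starting with +, - or ^ modify OpenSSH's built-in default set, which
# this script does not know, so they are rejected rather than guessed at.
def parse_kex_line(line)
  keyword, value = line.strip.split(/[\s=]+/, 2)
  raise ArgumentError, 'not a KexAlgorithms line' unless keyword.to_s.casecmp?('KexAlgorithms')
  raise ArgumentError, 'empty algorithm list' if value.nil? || value.empty?
  raise ArgumentError, 'modifier lists (+/-/^) need the default set' if value.match?(/\A[+\-^]/)
  value.split(',').map(&:strip).reject(&:empty?)
end

# The chosen method is the first one on the client's list that the server
# also supports. nil means there is no common method and the handshake fails.
def negotiate_kex(client, server)
  client.find { |alg| server.include?(alg) }
end

# Summarise the outcome: the chosen method plus what each side lacks.
def kex_report(client, server)
  { chosen: negotiate_kex(client, server),
    client_only: client - server,
    server_only: server - client }
end

if $PROGRAM_NAME == __FILE__
  report = kex_report(CLIENT_OFFER, parse_kex_line(SSHD_LINE))
  puts "negotiated: #{report[:chosen] || 'none (connection fails)'}"
  puts "server accepts only: #{report[:server_only].join(', ')}"
end
```

The two lists share no entry (diffie-hellman-group14-sha1 and diffie-hellman-group14-sha256 are different methods), so the client must offer at least one of the four server-side algorithms before a remote job can connect.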

Thank y’all, happy that I wasn’t just overlooking something. I’ve raised the following issue:

https://projects.theforeman.org/issues/27477