Hello,

Today I faced an issue involving SSH with my Jenkins, the error is as follow:
[SSH] Exception:Algorithm negotiation fail
com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:520)
at com.jcraft.jsch.Session.connect(Session.java:286)
at com.jcraft.jsch.Session.connect(Session.java:150)
at org.jvnet.hudson.plugins.SSHSite.createSession(SSHSite.java:141)
at org.jvnet.hudson.plugins.SSHSite.executeCommand(SSHSite.java:151)
at org.jvnet.hudson.plugins.SSHBuilder.perform(SSHBuilder.java:60)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:770)
at hudson.model.Build$BuildExecution.build(Build.java:199)
at hudson.model.Build$BuildExecution.doRun(Build.java:160)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:533)
at hudson.model.Run.execute(Run.java:1759)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:89)
at hudson.model.Executor.run(Executor.java:240)

This error happened because my OpenSSH version just upgraded from 6.6 to 6.7 (as most debian jessie users), in the OpenSSH changelog you can clearly see "The default set of ciphers and MACs has been altered to remove unsafe algorithms".

OpenSSH 6.7 default key exchange algorithms:

• curve25519-sha256@libssh.org
• ecdh-sha2-nistp256
• ecdh-sha2-nistp384
• ecdh-sha2-nistp521
• diffie-hellman-group-exchange-sha256
• diffie-hellman-group14-sha1

Unfortunately ssh-credentials rely on JSch which use diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1 for key exchange, and those algorithms are no longer part of OpenSSH default key exchange algos.

Since version 0.1.49 JSch support diffie-hellman-group-exchange-sha256.
I would suggest to update ssh-credentials dependency to rely on JSch 0.1.49, so everybody feel up to date and secure.