SUSE Support

Here When You Need Us

"Unable to negotiate" and "no matching cipher found" errors when trying to connect with sftp.

This document (000020706) is provided subject to the disclaimer at the end of this document.


SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server for SAP Applica­tions 15 SP4
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applica­tions 15 SP3
SUSE Linux Enterprise Desktop 15 SP3


sftp is unable to connect to a SFTP server and the following error message is displayed:
[Unable to negotiate with X.X.X.X port 22: no matching cipher found. Their offer: blowfish-cbc, aes256-cbc]


The SFTP server likely supports only legacy CBC (Cipher Block Chain) ciphers such as blowfish-cbc, aes256-cbc, and the SFTP client doesn't accept those ciphers.

There are two possible solutions:

1) Upgrade and harden the SFTP server so that it supports more secure ciphers (best solution);

2) As a workaround, force the SFTP client to select the legacy cipher supported by the SFTP server for encrypting the data transfers, using the -c parameter of the sftp command;

       sftp -c aes128-cbc sftpuser@X.X.X.X
  where X.X.X.X if the SFTP server IP address.
From sftp man page:
     -c cipher
             Selects the cipher to use for encrypting the data
             transfers.  This option is directly passed to ssh(1).

The list of available ciphers supported by the SFTP client may also be obtained using the command "ssh -Q cipher".


The SFTP client is trying to use more secure ciphers for encrypting the data transfers but the SFTP server probably supports only legacy CBC (Cipher Block Chain) ciphers.

Additional Information

sftp man page:
Block cipher mode of operation:
SSH CBC vulnerability:
Plaintext Recovery Attacks Against SSH:
OpenSSH Legacy Options


This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020706
  • Creation Date: 22-Jul-2022
  • Modified Date:17-Oct-2022
    • SUSE Linux Enterprise Desktop
    • SUSE Linux Enterprise Server
    • SUSE Linux Enterprise Server for SAP Applications

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.