No SSH connection from Microsoft with Firmware RUT9M_R_00.07.07.1

Just FYI on latest firmware RUT9M_R_00.07.07.1

If you try to use the Microsoft SSH client from PowerShell or command line,
handshake fails. Putty works fine.
I guess a cipher set is not supported by M$.
Latest Windows 11 Pro 64bit 23H2 Build 22631.3593

M$ SSH client works fine up to all FW versions including 7.6.11

1 Like


I have the same Windows version, and I just tried SSH into the router with firmware RUT9M_R_00.07.07.1, and everything works fine! So the issue is not caused by the firmware version; there could be something else.
Could you please specify if you get any error when trying to connect to the router via SSH?

Best Regards,

“ssh_dispatch_run_fatal: Connection to port 22: unknown or unsupported key type”

This is on a RUT956 out-of-the-box, only mobile connection and OpenVPN tunnel set up.
Access via vpn.

Same route (same vpn access, same setup) but different router and firmware (RUT955 with 7.6.11) success via command line

Could you please share your VPN configuration (ensuring any sensitive information is hidden)? This will allow me to try to replicate the issue. Thank you.

Best Regards,

I’m seeing the same issue with RoyalTS (the Rebex based terminal fails to connect, but the Putty based one works OK). Note that the Rebex based terminal works fine with previous firmware versions. Happy to raise this as a separate issue if you feel it’s a different problem, but the symptoms look pretty much identical to me (putty works, other terminal works for prior firmware but not 07.07); I have duplicated this across 4 RUT956’s.

I would be happy to provide logs but get the error “An error occurred: Sorry, new users can only put 2 links in a post.” if I paste them in (despite there being no links) and am not permitted to attach them as an attachment. Will try including just the final section:

2024-05-31 12:05:51.497 DEBUG Ssh(11)[26] SSH: Using strict key exchange.
2024-05-31 12:05:51.497 DEBUG Ssh(11)[26] SSH: Negotiating key.
2024-05-31 12:05:51.497 VERBOSE Ssh(11)[26] SSH: Sending packet SSH_MSG_KEX_30 (37 bytes).
0000 |1E-00-00-00-20-8B-95-7B 54-75-06-55-3F-BD-33-AE| … …{Tu.U?.3.
0010 |31-8A-06-6C-E9-F5-BA-6F 84-82-65-34-BD-74-43-A3| 1…l…o…e4.tC.
0020 |2E-12-96-31-01 | …1.
2024-05-31 12:05:51.724 VERBOSE Ssh(11)[22] SSH: Received packet SSH_MSG_KEX_31 (80 bytes).
0000 |1F-00-00-00-13-00-00-00 0F-6B-65-79-2D-75-6E-73| …key-uns
0010 |75-70-70-6F-72-74-65-64 00-00-00-20-C3-8C-D4-34| upported… …4
0020 |22-38-EC-2D-7C-D1-D4-6B A4-50-BE-A0-12-F9-BD-19| "8.-|…k.P…
0030 |3F-38-F3-13-C5-CC-B0-65 CB-D3-0C-59-00-00-00-10| ?8…e…Y…
0040 |00-00-00-0C-69-6E-76-61 6C-69-64-2D-73-69-67-6E| …invalid-sign
2024-05-31 12:05:51.724 VERBOSE Ssh(11)[22] SSH: Received packet SSH_MSG_NEWKEYS (1 bytes).
0000 |15 | .
2024-05-31 12:05:51.724 DEBUG Ssh(11)[26] SSH: Validating ‘rsa-sha2-256’ signature.
2024-05-31 12:05:51.724 ERROR Ssh(11)[26] SSH: Negotiation failed. Key algorithm is not supported.

I could test on-site yesterday: SSH with Windows CMD works from LAN and WAN interface.
Only via VPN, it fails.
We use OpenVPN’s CloudConnexa with Network and User Connectors, Application setup, no Shield or other extra filter options activated.


I created a VPN hub via RMS (OpenVPN) and successfully connected via SSH remotely (using the VPN IP) to both RUT956 and RUT241 devices, both running firmware version 07.07.1.


Unfortunately, I wasn’t able to replicate the issue you’re experiencing.

Best Regards,

I captured the ssh initialization of putty and windows:
win fails to “reply new keys”.
I do not have permission to upload the pcap files to this forum as I am a “new user”


I have sent you a form to fill out so that I can contact you privately. Once you have filled it out, you’ll get email from me and be able to send me the necessary files. Please use “6139” as the ticket ID. Thank you.

Best Regards,

This topic was automatically closed after 15 days. New replies are no longer allowed.