PuTTY Kex Error, or: "Hm, kex protocol error: type 30 seq 1 [preauth]"

Posted on .

I host IRC shells (user accounts with SSH access for IRC usage) for several of my friends. Some of them that run inferior OSes use PuTTY to connect. Last week, I got word that one of them was unable to connect to my server, getting no error on their end (just seemed to never connect). I checked the server logs and saw the following error:

Jul 13 21:35:51 ksenon sshd[14255]: error: Hm, kex protocol error: type 30 seq 1 [preauth]

Googling the above didn't return any information about PuTTY, but I did find a discussion about the problem, which contained a vital clue:

message type 30 is the pre-RFC4419 group exchange message. Since RFC4419 was published nearly 10 years ago support for the non-standardized message was recently removed from OpenSSH.

I remembered I had just upgraded OpenSSH to 6.9p1. It appears the support was removed when I upgraded.

The fix was the following: In PuTTY, go to "Connection → SSH → Kex". There, select "Diffie-Hellman group exchange" and move it to the bottom of the list, so it is not used. The connection should start working as normal again.


From the OpenSSH changelog, this line could be related:

  • ssh(1), sshd(8): deprecate legacy SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message and do not try to use it against some 3rd-party SSH implementations that use it (older PuTTY, WinSCP).


Seems the bug may have been fixed in the latest PuTTY, according to this commit. It will take a while for the fix to hit stable and be propagated to other clients based on PuTTY though, in the meantime you can use the workaround described above.