PuTTY Kex Error, or: "Hm, kex protocol error: type 30 seq 1 [preauth]"

I host IRC shells (user accounts with SSH access for IRC usage) for several of my friends. Some of them that run inferior OSes use PuTTY to connect. Last week, I got word that one of them was unable to connect to my server, getting no error on their end (just seemed to never connect). I checked the server logs and saw the following error:

Jul 13 21:35:51 ksenon sshd[14255]: error: Hm, kex protocol error: type 30 seq 1 [preauth]

Googling the above didn’t return any information about PuTTY, but I did find a discussion about the problem, which contained a vital clue:

message type 30 is the pre-RFC4419 group exchange message. Since RFC4419 was published nearly 10 years ago support for the non-standardized message was recently removed from OpenSSH.

I remembered I had just upgraded OpenSSH to 6.9p1. It appears the support was removed when I upgraded.

The fix was the following: In PuTTY, go to “Connection → SSH → Kex”. There, select “Diffie-Hellman group exchange” and move it to the bottom of the list, so it is not used. The connection should start working as normal again.

UPDATE:

From the OpenSSH changelog, this line could be related:

  • ssh(1), sshd(8): deprecate legacy SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message and do not try to use it against some 3rd-party SSH implementations that use it (older PuTTY, WinSCP).

UPDATE 2:

Seems the bug may have been fixed in the latest PuTTY, according to this commit. It will take a while for the fix to hit stable and be propagated to other clients based on PuTTY though, in the meantime you can use the workaround described above.