SSH Using Older Lecacy Key Exchange

Mindwatering Incorporated

Author: Tripp W Black

Created: 08/18/2022 at 12:04 PM

 

Category:
General Web Tips
Other

Issue:
The older SH1 diffie/hellman group ciphers are not strong enough. However various networking appliances still (only) use them.


Error Message:
$ ssh myadmin@10.0.1.7
Unable to negotiate with 10.0.1.7 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1


Workaround:
Add the key temporarily.
$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 myadmin@10.0.1.7




previous page