When connecting via SSH to older systems that do not support newer key exchange methods, you will sometimes get the following error:
Unable to negotiate with 10.192.0.47 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1
To permanently enable support for this key exchange method, add the following lines to either /etc/ssh/ssh_config (to enable it for all accounts) or ~/.ssh/config (for just your account):
Host *
    KexAlgorithms +diffie-hellman-group14-sha1
You can change Host * to a specific host or IP, e.g. Host 111.111.111.111.
Catchall block to enable most key exchange methods (with no Host line it applies to every host). Add the following to /etc/ssh/ssh_config:
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Then regenerate keys with:
ssh-keygen -A
OpenSSH has also, rightly, deprecated SHA-1, but if you get the following error:
Unable to negotiate with <ip address> port 22: no matching host key type found. Their offer: ssh-rsa
add the following to your ssh_config:
HostKeyAlgorithms +ssh-rsa
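Both errors above have the same shape ("no matching ... found. Their offer: ..."), and the fix in both cases is to append the offered algorithm to one ssh_config keyword, ideally inside a Host block scoped to that one server rather than under Host *. The following POSIX shell script is an added example, not code from the original post or from OpenSSH: it parses such an error line, picks the matching ssh_config keyword (KexAlgorithms, HostKeyAlgorithms, Ciphers or MACs are real ssh_config(5) options; the function names and the sample error lines are constructed for this example), and prints a Host-scoped stanza using the "+" form so the modern defaults are kept.

```shell
#!/bin/sh
# Added example (not part of the original post): turn an OpenSSH
# "Unable to negotiate" error into a Host-scoped ssh_config stanza.

# Map the "no matching ... found" phrase to the ssh_config keyword that
# controls that algorithm class. Keywords are real ssh_config(5) options.
legacy_keyword() {
    case "$1" in
        *"no matching key exchange method"*) echo "KexAlgorithms" ;;
        *"no matching host key type"*)       echo "HostKeyAlgorithms" ;;
        *"no matching cipher"*)              echo "Ciphers" ;;
        *"no matching MAC"*)                 echo "MACs" ;;
        *) return 1 ;;
    esac
}

# Host or IP from "Unable to negotiate with HOST port N: ..."
negotiate_host() {
    printf '%s\n' "$1" | sed -n 's/^Unable to negotiate with \([^ ]*\) port [0-9]*:.*/\1/p'
}

# Comma-separated algorithm list after "Their offer:"
negotiate_offer() {
    printf '%s\n' "$1" | sed -n 's/.*Their offer: *\([^ ]*\).*/\1/p'
}

# Build the stanza. The leading "+" appends the legacy algorithm(s) to the
# client's default list instead of replacing it, and the Host line limits
# the weakened setting to the one server that needs it.
legacy_stanza() {
    err="$1"
    kw=$(legacy_keyword "$err") || return 1
    host=$(negotiate_host "$err")
    offer=$(negotiate_offer "$err")
    [ -n "$host" ] && [ -n "$offer" ] || return 1
    printf 'Host %s\n    %s +%s\n' "$host" "$kw" "$offer"
}

# Constructed sample errors in the format the OpenSSH client prints.
SAMPLE_KEX='Unable to negotiate with 10.0.0.5 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1'
SAMPLE_HOSTKEY='Unable to negotiate with legacy-box port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss'

# Run stand-alone: print the stanza for each sample.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    legacy_stanza "$SAMPLE_KEX"
    legacy_stanza "$SAMPLE_HOSTKEY"
fi
```

Append the printed stanza to ~/.ssh/config, then confirm it took effect with `ssh -G legacy-box | grep -i '^kexalgorithms'` (or `^hostkeyalgorithms`), which prints the configuration OpenSSH will actually use for that host; `ssh -Q kex` lists every key exchange method the installed client can still offer, so you can tell a disabled-by-default algorithm from one the client no longer supports at all.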
OpenSSH will also not accept key lengths shorter than 1024 bits, and you will get the following error when connecting:
ssh_dispatch_run_fatal: Connection to 192.168.7.6 port 22: Invalid key length
To connect to these servers, install the openssh-client-ssh1 package on Ubuntu and connect with:
apt install openssh-client-ssh1
ssh1 user@<ip address>
More documentation is available under OpenSSH Legacy Options.