When connecting via SSH to older systems that do not support newer key exchange algorithms, you will sometimes get the following error:
Unable to negotiate with 10.192.0.47 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1
To permanently enable support for this key exchange method, add the following line to either /etc/ssh/ssh_config to enable it for all accounts, or ~/.ssh/config for just your account.
Host *
    KexAlgorithms +diffie-hellman-group14-sha1
You can change Host * to specify a specific IP. Ex:
Catchall block to enable most key exchange methods. Add the following to
Then regenerate keys with …
OpenSSH has also rightly deprecated SHA-1, but if you get the following error …
Unable to negotiate with <ip address> port 22: no matching host key type found. Their offer: ssh-rsa
Add the following to your ssh_config.
OpenSSH will also not accept key lengths less than 1024 bits, and you will get the following error when connecting.
ssh_dispatch_run_fatal: Connection to 192.168.7.6 port 22: Invalid key length
To connect to these servers, install the openssh-client-ssh1 package on Ubuntu and connect with …
apt install openssh-client-ssh1
ssh1 user@<ip address>
More docs from OpenSSH Legacy Options.
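An added example, not from the original page: a small Python helper that reads the "Unable to negotiate" errors quoted above and emits ssh_config stanzas scoped to each failing host instead of Host *, enabling only one legacy algorithm per host. The function name, the preference ranking and the second sample line (a documentation address) are assumptions of this example.

```python
import re

# Error category -> (ssh_config keyword, legacy algorithms from least weak to weakest).
# The ranking is this example's assumption; adjust it to local policy.
LEGACY = {
    "key exchange method": ("KexAlgorithms", [
        "diffie-hellman-group14-sha1",
        "diffie-hellman-group-exchange-sha1",
        "diffie-hellman-group1-sha1",
    ]),
    "host key type": ("HostKeyAlgorithms", ["ssh-rsa", "ssh-dss"]),
}

# Host and offer use strict character classes so a crafted log line
# cannot smuggle extra directives into the generated config.
ERROR_RE = re.compile(
    r"Unable to negotiate with (?P<host>[\w.:-]+) port (?P<port>\d+): "
    r"no matching (?P<kind>key exchange method|host key type) found\. "
    r"Their offer: (?P<offer>[\w@.,+-]+)"
)


def scoped_config(error_lines):
    """Build ssh_config stanzas that enable one legacy algorithm per failing host."""
    per_host = {}  # host -> {keyword: algorithm}
    for line in error_lines:
        m = ERROR_RE.search(line)
        if not m:
            continue  # not a negotiation failure, ignore
        keyword, ranking = LEGACY[m["kind"]]
        offered = m["offer"].split(",")
        # Enable only the least-weak algorithm the server offers, not all of them.
        choice = next((alg for alg in ranking if alg in offered), None)
        if choice is None:
            continue  # offer is outside the known list; needs a manual decision
        per_host.setdefault(m["host"], {})[keyword] = choice
    stanzas = []
    for host, settings in per_host.items():
        body = "".join(f"    {kw} +{alg}\n" for kw, alg in sorted(settings.items()))
        stanzas.append(f"Host {host}\n{body}")
    return "\n".join(stanzas)


# Constructed sample input: the first line is the error quoted on this page,
# the second is a made-up host (documentation address) that offers only ssh-rsa.
SAMPLE = [
    "Unable to negotiate with 10.192.0.47 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1",
    "Unable to negotiate with 192.0.2.10 port 22: no matching host key type found. Their offer: ssh-rsa",
]

if __name__ == "__main__":
    print(scoped_config(SAMPLE))
```

Scoping each stanza to one host keeps the deprecated algorithms disabled for every other connection, which the Host * form does not.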