thumb After update to new release of SSH, when trying to connect to my server by using SSH, I get the following message:

Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found.
Their offer: diffie-hellman-group1-sha1


What causes this problem

OpenSSH 7.0 deprecated the diffie-hellman-group1-sha1 key algorithm because it is weak and within theoretical range of the so-called Logjam attack. See the www.openssh.com/legacy.html page for more information.

If the client and server are unable to agree on a mutual set of parameters then the connection will fail. OpenSSH (7.0 and greater) will produce an error message like this:

Unable to negotiate with host: no matching key exchange method found.
Their offer: diffie-hellman-group1-sha1

In this case, the client and server were unable to agree on the key exchange algorithm because the server offered only a single method diffie-hellman-group1-sha1.

How to fix it

The best resolution for these failures is to upgrade/configure the server to not use deprecated algorithms. If that is not possible, you can force the client to re-enable the diffie-hellman-group1-sha1 key exchange algorithm with the -oKexAlgorithms=+diffie-hellman-group1-sha1 option on the command-line:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@host

or in the ~/.ssh/config file:

Host somehost.example.org
	KexAlgorithms +diffie-hellman-group1-sha1

Arthur Gareginyan

Arthur Gareginyan

Arthur is a designer and full stack software engineer. He is the founder of MyCyberUniverse.com. His personal website can be found at arthurgareginyan.com. Check out his free WordPress plugins at wordpress.org.

Follow Arthur: