After update to a new release of SSH, when trying to connect to my server by using SSH, I get the following message:
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
What causes this problem
OpenSSH 7.0 deprecated the
diffie-hellman-group1-sha1 key algorithm because it is weak and within theoretical range of the so-called Logjam attack. See the www.openssh.com/legacy.html page for more information.
If the client and server are unable to agree on a mutual set of parameters then the connection will fail. OpenSSH (7.0 and greater) will produce an error message like this:
Unable to negotiate with host: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
In this case, the client and server were unable to agree on the key exchange algorithm because the server offered only a single method
How to fix it
The best resolution for these failures is to upgrade/configure the server to not use deprecated algorithms. If that is not possible, you can force the client to re-enable the
diffie-hellman-group1-sha1 key exchange algorithm with the
-oKexAlgorithms=+diffie-hellman-group1-sha1 option on the command-line:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@host
or in the
Host somehost.example.org KexAlgorithms +diffie-hellman-group1-sha1
If you are having trouble fixing this problem with the instructions above, but are being able to solve this problem with any another method please describe it in the comment section below. Thanks!
If this article has helped you solve the problem then please leave a comment
Thanks for reading!