
Have you ever tried to SSH into a server and received the following error?

no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

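Well, that’s probably because you are connecting to a bit of kit with legacy software or firmware that only offers a key exchange algorithm your SSH client no longer enables by default.

Then, when you try to SSH again and add diffie-hellman-group1-sha1, you get the following back?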

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 [email protected]

Unable to negotiate with 192.168.2.1 port 22: no matching host key type found. Their offer: ssh-rsa

No worries, we can fix that:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-rsa [email protected]

But we could go even wilder:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-dss,ssh-rsa [email protected]

I’ve not read the specs but there’s obviously a range of cipher configurations you can set with:

-oKexAlgorithms

-oHostKeyAlgorithms

You can list the algorithms your SSH client supports by running:

ssh -Q cipher # supported ciphers
ssh -Q mac # supported MAC algorithms
ssh -Q key # supported public key types
ssh -Q kex # supported key exchange algorithms
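
Rather than retyping the -o options, or enabling weak algorithms for every host, the same settings can live in a per-host block in ~/.ssh/config. The script below is an added example, not part of the original post: the helper name legacy_stanza is hypothetical, the sample errors are constructed from the messages shown above, and it also maps the cipher and MAC negotiation errors, which the post does not show.

```shell
#!/bin/sh
# Added example: turn "no matching ..." negotiation errors into a
# host-scoped ssh_config stanza that re-enables only what the server offered.
# legacy_stanza is a hypothetical helper name, not an OpenSSH tool.

legacy_stanza() {
    host=$1      # Host pattern the exception applies to
    errors=$2    # stderr text collected from the failed ssh attempts
    printf 'Host %s\n' "$host"
    printf '%s\n' "$errors" | awk '
        # Map each negotiation failure to the ssh_config keyword that controls it.
        /no matching key exchange method found/ { key = "KexAlgorithms" }
        /no matching host key type found/       { key = "HostKeyAlgorithms" }
        /no matching cipher found/              { key = "Ciphers" }
        /no matching MAC found/                 { key = "MACs" }
        key != "" {
            offer = $0
            sub(/.*Their offer: */, "", offer)   # keep only the offered list
            gsub(/[ \r]+$/, "", offer)           # trim trailing whitespace
            # Emit only well-formed algorithm lists; the leading "+" appends
            # to the client defaults instead of replacing them.
            if (offer ~ /^[A-Za-z0-9@.,_-]+$/)
                printf "    %s +%s\n", key, offer
            key = ""
        }'
}

# Constructed sample input: the two errors from this post, one per attempt.
SAMPLE_ERRORS='Unable to negotiate with 192.168.2.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Unable to negotiate with 192.168.2.1 port 22: no matching host key type found. Their offer: ssh-rsa'

legacy_stanza 192.168.2.1 "$SAMPLE_ERRORS"
```

Review the output and append it to ~/.ssh/config; the legacy algorithms are then accepted for that one host only, and every other connection keeps the client defaults.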

Hopefully this helps if you are connecting to some older devices!