my_collab_lab

Legacy SSH on macOS

This is mainly a reminder to myself, but when you get stuck SSHing to older gateways and similar devices, you need to adjust either the command or your ssh_config file.

```
jon@Jons2 ~ % ssh jon@router
Unable to negotiate with router port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
```

Here the key exchange negotiation fails, so we need to offer a key exchange method the server understands. We can do this with the `-oKexAlgorithms` flag for ssh, adding the same algorithms that it’s complaining about:

```
jon@Jons2 ~ % ssh jon@router -oKexAlgorithms=+diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Unable to negotiate with router port 22: no matching host key type found. Their offer: ssh-rsa
```

Unfortunately that’s not always enough, and next I get an error with the host key. We can fix it by adding the offered host key type to the ssh command with `-oHostKeyAlgorithms`:

```
jon@Jons2 ~ % ssh jon@router -oKexAlgorithms=+diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-rsa
(jon@router) Password:

core-01#
```

Now we can see it made it through to the login.

We can also fix this permanently by adding these lines to your ssh config file found at `/etc/ssh/ssh_config`. After the config lines are added you can simply ssh to the host without any command flags.

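```
# A list starting with "+" is appended to the client's defaults;
# a list without "+" replaces the defaults for every host this file applies to.
HostkeyAlgorithms ssh-dss,ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,umac-64@openssh.com
```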
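An added example, not from the original post: a small shell helper that reads the `Unable to negotiate` errors shown above and prints a `Host`-scoped stanza using the `+` prefix, so the legacy algorithms are appended for that one device instead of changing the lists for every connection. The function names are hypothetical, the sample input is constructed from the two errors in the post, and the cipher and MAC cases go beyond those two errors by covering OpenSSH's equivalent messages for those negotiation failures.

```shell
#!/bin/sh
# Added example (not the author's code): map OpenSSH negotiation errors
# to ssh_config options, scoped to a single Host entry.

# negotiation_option LINE: print "Keyword +offered,algs", or return 1 if LINE
# is not a recognised "Unable to negotiate" error.
negotiation_option() {
    line=$1
    case $line in
        *"Their offer: "*) offer=${line##*"Their offer: "} ;;
        *) return 1 ;;
    esac
    case $line in
        *"no matching key exchange method found"*) kw=KexAlgorithms ;;
        *"no matching host key type found"*)       kw=HostKeyAlgorithms ;;
        *"no matching cipher found"*)              kw=Ciphers ;;
        *"no matching MAC found"*)                 kw=MACs ;;
        *) return 1 ;;
    esac
    printf '%s +%s\n' "$kw" "$offer"
}

# host_stanza HOST: read error lines on stdin, print a Host block for HOST.
# Lines that are not negotiation errors (prompts, banners) are skipped.
host_stanza() {
    printf 'Host %s\n' "$1"
    while IFS= read -r line; do
        if opt=$(negotiation_option "$line"); then
            printf '    %s\n' "$opt"
        fi
    done
    return 0
}

# Constructed sample input: the two errors shown in the post.
sample_errors() {
cat <<'EOF'
Unable to negotiate with router port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Unable to negotiate with router port 22: no matching host key type found. Their offer: ssh-rsa
EOF
}

sample_errors | host_stanza router
```

The printed stanza can be pasted into `~/.ssh/config`; every other host keeps the client's default algorithm lists.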
