This is mainly a reminder to myself, but when getting stuck SSHing to older gateways etc., it’s necessary to either adjust the command or adjust your ssh_config file.

```
jon@Jons2 ~ % ssh jon@router
Unable to negotiate with router port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
```
Here the key exchange negotiation fails, so we need to offer a key exchange method the server understands. We can do this by using the `-oKexAlgorithms` flag for ssh and adding the same algorithms that it’s complaining about:

```
jon@Jons2 ~ % ssh jon@router -oKexAlgorithms=+diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Unable to negotiate with router port 22: no matching host key type found. Their offer: ssh-rsa
```
Unfortunately that’s not always enough, and next I get an error with the host key. We can fix it by adding the offered host key type to the ssh command with `-oHostKeyAlgorithms`:

```
jon@Jons2 ~ % ssh jon@router -oKexAlgorithms=+diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-rsa
(jon@router) Password:
core-01#
```
Now we can see it made it through to the login.
We can also fix this permanently by adding these lines to your ssh config file found at `/etc/ssh/ssh_config`. After the config lines are added you can simply ssh to the host without any command flags.

```
HostkeyAlgorithms ssh-dss,ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,firstname.lastname@example.org
```
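
The config lines above apply to every host you connect to. As an added example (not part of the original post), this script reads the "Unable to negotiate" errors shown earlier and emits a `Host` stanza that re-enables only what that one device offered; `legacy_host_block` and `sample_errors` are hypothetical names, and the sample input is constructed from the two error lines quoted in this post.

```shell
#!/bin/sh
# Added example: turn ssh negotiation errors into a per-host ssh_config stanza.

# Constructed sample input: the two error lines quoted in this post.
sample_errors() {
    cat <<'EOF'
Unable to negotiate with router port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Unable to negotiate with router port 22: no matching host key type found. Their offer: ssh-rsa
EOF
}

# legacy_host_block (hypothetical helper): $1 = Host alias, stdin = ssh stderr.
legacy_host_block() {
    host=$1
    # Refuse aliases that could smuggle extra tokens or lines into the config.
    case $host in
        ''|*[!A-Za-z0-9._-]*) echo "invalid host alias" >&2; return 2 ;;
    esac
    awk -v host="$host" '
        /no matching .* found\. Their offer: / {
            what = $0; offer = $0
            sub(/.*no matching /, "", what)
            sub(/ found\. Their offer: .*/, "", what)
            sub(/.*Their offer: /, "", offer)
            sub(/[ \t\r]+$/, "", offer)
            # The offer is server-supplied text: accept algorithm-name characters only.
            if (offer !~ /^[A-Za-z0-9@.,_+-]+$/) next
            # Map the failed negotiation to its ssh_config keyword.
            if (what == "key exchange method") key = "KexAlgorithms"
            else if (what == "host key type")  key = "HostKeyAlgorithms"
            else if (what == "cipher")         key = "Ciphers"
            else if (what == "MAC")            key = "MACs"
            else next
            if (!(key in seen)) order[++n] = key
            seen[key] = offer
        }
        END {
            if (n == 0) exit 1          # nothing to relax
            print "Host " host
            # "+" appends to the client defaults instead of replacing them.
            for (i = 1; i <= n; i++)
                print "    " order[i] " +" seen[order[i]]
        }'
}

sample_errors | legacy_host_block router
```

Appending the printed stanza to your ssh config keeps the SHA-1 key exchange and `ssh-rsa` host key confined to `router`, so every other host still negotiates with the client defaults.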