Ubuntu after upgrade - ssh exchange failed
Solution 1
This means the diffie-hellman-group1-sha1
is not present in the default set of key exchange algorithms.
To get the ssh
option permanent, add the follwoing to your ~/.ssh/config
(or globally in /etc/ssh/ssh_config
):
KexAlgorithms=+diffie-hellman-group1-sha1
Be careful about the Host
, Match
etc selective declarations while adding the directive if you want it globally as values inside those snippets apply to the mentioned set only. Whenever unsure, put it at the top.
Solution 2
Hi guys this is what it worked for me
Adding this line above to /etc/ssh/ssh_config
KexAlgorithms diffie-hellman-group1-sha1,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Uncomment (Delete the #) this line Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
, then save the file and execute these commands ssh-keygen -A
and service ssh restart
.
If you did it well then you should be able to ssh without adding this -oKexAlgorithms=+diffie-hellman-group1-sha1
to the ssh command.
Related videos on Youtube
user612336
Updated on September 18, 2022Comments
-
user612336 over 1 year
I have a little bit problem after upgrading Ubuntu from 14.04 to 16.04. I've try to estabilish SSH connections with some servers trough SSH but after upgrade in some cases I have these output:
Unable to negotiate with 10.13.45.221 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
I know about adding this :
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost
But maybe is another way to enable it globally and use only ssh user@host like in 14.04?
-
Thomas Ward over 3 yearsThis is basically what the original answer says, except that it leaves the defaults alone and simply adds one kex mechanism. Also, the 3des ciphers alone aren't needed - you simply need to only alter the KexAlgorithms - no need to alter the ciphers.