Connected to Old SSH Host with Unsupported Key Exchange Method / Host Key Type
Feb 17th 2022

When connecting to an old device, the ssh client may complain about an unsupported key exchange method or host key type.

ssh [email protected]
Unable to negotiate with 192.168.31.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1

ssh [email protected]
Unable to negotiate with 192.168.31.1 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

The reason is that the offered key exchange methods and host key types have been found vulnerable, so recent versions of the ssh client no longer accept them by default.

A temporary solution is to create an entry in ~/.ssh/config:

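Host 192.168.31.1
    # Re-enable the legacy key exchange method for this host only
    KexAlgorithms +diffie-hellman-group1-sha1
    # No "+": this replaces the default cipher list with aes128-cbc for this host
    Ciphers aes128-cbc
    # Re-enable the legacy DSA host key type for this host only
    HostKeyAlgorithms +ssh-dss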

It is better to upgrade the SSH server ASAP for security (if possible).
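
The error messages above list everything the device offers, so the entry can be limited to one algorithm per failed negotiation. The following Python script is an added example, not part of the original post: it parses those errors and emits a host-scoped entry that re-enables only the least weak offered algorithm. The preference order (diffie-hellman-group14-sha1 before diffie-hellman-group1-sha1, ssh-rsa before ssh-dss) and the function names are assumptions of this example.

```python
import re

# Constructed sample input: the two client errors quoted in the post.
SAMPLE_ERRORS = (
    "Unable to negotiate with 192.168.31.1 port 22: no matching key exchange "
    "method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1\n"
    "Unable to negotiate with 192.168.31.1 port 22: no matching host key type "
    "found. Their offer: ssh-rsa,ssh-dss\n"
)

# Error wording -> ssh_config keyword that re-enables an algorithm of that kind.
KEYWORD = {"key exchange method": "KexAlgorithms", "host key type": "HostKeyAlgorithms"}

# Assumed preference order for this example, least weak first.
PREFERENCE = {
    "KexAlgorithms": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
    "HostKeyAlgorithms": ["ssh-rsa", "ssh-dss"],
}

ERROR_RE = re.compile(
    r"Unable to negotiate with (\S+) port \d+: no matching (.+?) found\. Their offer: (\S+)"
)

def pick_overrides(text):
    """Return {host: {keyword: algorithm}}, one algorithm per failed negotiation."""
    overrides = {}
    for host, kind, offer in ERROR_RE.findall(text):
        keyword = KEYWORD.get(kind)
        if keyword is None:
            continue  # a failure type this example does not cover
        offered = offer.split(",")
        choice = next((a for a in PREFERENCE[keyword] if a in offered), None)
        if choice is None:
            raise ValueError(f"{host}: no known {kind} in offer {offer!r}")
        overrides.setdefault(host, {})[keyword] = choice
    return overrides

def render(overrides):
    """Format the overrides as host-scoped ssh_config entries."""
    lines = []
    for host, options in overrides.items():
        lines.append(f"Host {host}")
        lines.extend(f"    {kw} +{alg}" for kw, alg in options.items())
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(pick_overrides(SAMPLE_ERRORS)))
```

For the errors quoted in this post it selects diffie-hellman-group14-sha1 and ssh-rsa, both of which the device offered.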
