Connected to Old SSH Host With Unsupported Key Exchange Method / Host Key Type

When connecting to a old device the ssh client may compain about unsupported key exchange method or host key type.

ssh [email protected]
Unable to negotiate with 192.168.31.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1

ssh [email protected]
Unable to negotiate with 192.168.31.1 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

The reason is these offered cipher-suits are found vulnerable, thus they are banned in the recent version of ssh client.

A temporary solotion is to create an entry in .ssh/config:

Host 192.168.31.1
    KexAlgorithms +diffie-hellman-group1-sha1
    Ciphers aes128-cbc
    HostKeyAlgorithms=+ssh-dss

It is better to upgrade the SSH server ASAP for security (if possible).

References

古いマシーンに ssh 接続できない時の対策

Author: Nobody

License: CC BY-NC-SA 4.0

Link: https://asdasd.page/2022/Connected-to-Old-SSH-Host-with-Unsupported-Key-Exchange-Method-Host-Key-Type/