0 votes
10 views

Problem :

I am trying to ssh to the server, but it is asking for the diffie-hellman-group1-sha1 key exchange method, as below:

ssh 123.123.123.123
Unable to negotiate with 123.123.123.123 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

How can I enable the diffie-hellman-group1-sha1 key exchange method on Debian 8.0?

by (7.5k points)  

1 Answer

0 votes

Solution :

The OpenSSH website has a page dedicated to legacy issues such as the one above. It suggests the approach below, on the client:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 123.123.123.123

Or, more permanently, you can add

Host 123.123.123.123
    KexAlgorithms +diffie-hellman-group1-sha1

to ~/.ssh/config.

This will help you enable the old algorithms on the client, allowing it to simply connect to the server.

OR

My problem was similar to yours: I had many (legacy) clients connecting to a recently upgraded server (i.e. ubuntu 14 -> ubuntu 16).

My change from openssh6 -> openssh7 completely disabled the diffie-hellman-group1-sha1 key exchange method by default.

After doing a lot of research, I came up with the changes I needed to make to the /etc/ssh/sshd_config file, as below:

#Legacy changes
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +aes128-cbc

And the wider legacy set of changes, as below:

#Legacy changes
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr

It resolved my issue.

by (34.4k points)  
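
An added example, not part of the original answer or of OpenSSH: a shell function that lists where a config file leaves the legacy algorithms named on this page enabled, and under which Host scope, so the per-host form can be told apart from a setting that applies to every connection. The LEGACY list, the function names and the sample config are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: list where an OpenSSH config enables legacy algorithms.
# LEGACY is this example's own list, built from algorithms named on this page.
LEGACY="diffie-hellman-group1-sha1 3des-cbc blowfish-cbc aes128-cbc"

# Constructed sample config (not from a real host).
sample_config() {
cat <<'EOF'
# constructed sample
Ciphers=+aes128-cbc
Host 123.123.123.123
    KexAlgorithms +diffie-hellman-group1-sha1
Host *
    KexAlgorithms -diffie-hellman-group1-sha1
    Ciphers 3des-cbc,aes128-ctr,aes256-ctr
EOF
}

# audit_ssh_legacy [FILE...]: prints "LINE<TAB>SCOPE<TAB>KEYWORD<TAB>ALGORITHM"
# for every legacy algorithm a KexAlgorithms or Ciphers line leaves enabled.
audit_ssh_legacy() {
    awk -v legacy="$LEGACY" '
    BEGIN { n = split(legacy, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1
            scope = "global" }            # options before any Host/Match block
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || $0 ~ /^#/) next
        if (!match($0, /^[A-Za-z]+/)) next
        key = tolower(substr($0, 1, RLENGTH))      # keywords ignore case
        arg = substr($0, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", arg)            # "Key value" or "Key=value"
        if (key == "host")  { scope = arg; next }
        if (key == "match") { scope = "match " arg; next }
        if (key != "kexalgorithms" && key != "ciphers") next
        op = substr(arg, 1, 1)
        if (op == "-") next                        # "-list" removes algorithms
        if (op == "+" || op == "^") arg = substr(arg, 2)   # add to defaults
        m = split(arg, alg, ",")
        for (i = 1; i <= m; i++)
            if (alg[i] in bad) printf "%d\t%s\t%s\t%s\n", NR, scope, key, alg[i]
    }' "$@"
}

# unscoped_legacy [FILE...]: only findings that apply to every host.
unscoped_legacy() {
    audit_ssh_legacy "$@" | awk -F'\t' '$2 == "global" || $2 == "*"'
}

sample_config | audit_ssh_legacy
```

Pass a real file instead of the sample, for instance `audit_ssh_legacy ~/.ssh/config` or `unscoped_legacy /etc/ssh/sshd_config`; in sshd_config every line outside a Match block is reported with scope `global`.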