Problem:

I am trying to ssh to the server, but it is asking for the diffie-hellman-group1-sha1 key exchange method, as below:

Unable to negotiate with port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1


How can I enable the diffie-hellman-group1-sha1 key exchange method on Debian 8.0?

1 Answer

Solution:

The OpenSSH website has a page dedicated to legacy issues such as the one above. It suggests the approach below, on the client:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1

Or, more permanently, you can add


KexAlgorithms +diffie-hellman-group1-sha1


to ~/.ssh/config.

This will enable the old algorithms on the client, allowing it to connect to the server.


My problem was similar to yours: I had many (legacy) clients connecting to a recently upgraded server (i.e. Ubuntu 14 -> Ubuntu 16).

My change from openssh6 -> openssh7 completely disabled the diffie-hellman-group1-sha1 key exchange method by default.

After doing a lot of research, I came up with the changes I needed to make to the /etc/ssh/sshd_config file, as below:

#Legacy changes

KexAlgorithms +diffie-hellman-group1-sha1

Ciphers +aes128-cbc

And a wider legacy set of changes, as below:

#Legacy changes
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr



It resolved my issue.
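
An added example, not part of the original answer: in a client config such as ~/.ssh/config, a KexAlgorithms line placed under a Host or Match block applies only to the hosts that block selects, while a line outside any block (or under Host *) applies to every connection. The shell function below reads a client config on stdin and reports which of the two each diffie-hellman-group1-sha1 entry is. The host name legacy-switch.example and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the scope of every KexAlgorithms line that enables
# diffie-hellman-group1-sha1 in an ssh_config-style file read from stdin.
# Prints "global", "host:<patterns>" or "match:<criteria>", one per finding.
legacy_kex_scope() {
    awk '
        BEGIN { scope = "global" }            # lines before any Host/Match apply to all hosts
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            sub(/^[ \t]+/, "")
            # ssh_config also accepts "Keyword=value"; normalise it to "Keyword value"
            if (match($0, /^[A-Za-z]+[ \t]*=/)) sub(/=/, " ")
            key = tolower($1)                 # keywords are case-insensitive
        }
        key == "host" || key == "match" {
            $1 = ""; sub(/^ +/, "")
            # "Host *" matches every host, so it is effectively global
            scope = (key == "host" && $0 == "*") ? "global" : key ":" $0
            next
        }
        key == "kexalgorithms" {
            list = $2
            if (list ~ /^-/) next             # a "-" prefix removes algorithms
            sub(/^[+^]/, "", list)            # "+" appends, "^" prepends to the defaults
            n = split(list, alg, ",")
            for (i = 1; i <= n; i++)
                if (alg[i] == "diffie-hellman-group1-sha1") print scope
        }
    '
}

# Constructed sample config: the legacy algorithm is limited to one host.
sample_config() {
    cat <<'EOF'
# constructed sample, not from the original post
Host legacy-switch.example
    KexAlgorithms +diffie-hellman-group1-sha1
Host *
    ServerAliveInterval 30
EOF
}

sample_config | legacy_kex_scope
```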

