SSH cannot connect to old servers/devices/switches/routers/Cisco/Juniper Unable to negotiate with 192.168.20.2 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hell

Many older devices support either telnet or very old SSH key exchange (KEX) algorithms, which are insecure and disabled by newer SSH clients for security reasons. However, you may be on a LAN, connected over a VPN or some other secured network, or for whatever reason absolutely need to connect to the device, and old or embedded devices sometimes cannot be updated to a newer SSH server.

If you run into this, you are probably using a newer SSH client and get this error:

Unable to negotiate with 192.168.20.2 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Solution:

You can solve it by adding at least one of the algorithms the device lists and choosing another cipher, like this:

ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 -o Ciphers=aes256-cbc rttuser@192.168.20.2
 

The Ciphers option is included because many devices still won't work unless you specify a cipher as shown above.
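
As an added example (not part of the original article), the shell functions below read the "Their offer:" list from the error and print an ssh_config Host block, so the legacy algorithm is enabled for that one device only. The function names and the preference order (group14, then group-exchange, then group1) are assumptions of this example; the Ciphers line appends aes256-cbc to the client defaults instead of replacing them.

```shell
#!/bin/sh
# Added example, not from the original article.
# Preference order is this example's assumption: fixed 2048-bit group14
# first, group-exchange next, 1024-bit group1 only as a last resort.
LEGACY_KEX_PREF="diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1"

# pick_legacy_kex "<ssh error line>": print the most preferred algorithm
# that appears in the server's "Their offer:" list; return 1 if none does.
pick_legacy_kex() {
    offer=$(printf '%s\n' "$1" | sed -n 's/.*Their offer: *//p' | tr -d ' \r')
    [ -n "$offer" ] || return 1
    for alg in $LEGACY_KEX_PREF; do
        # Wrap in commas so only whole algorithm names match,
        # not a name that was cut off in a truncated message.
        case ",$offer," in
            *",$alg,"*) printf '%s\n' "$alg"; return 0 ;;
        esac
    done
    return 1
}

# legacy_host_stanza <host> "<ssh error line>": print an ssh_config block
# that enables the chosen algorithm for that one host only.
legacy_host_stanza() {
    kex=$(pick_legacy_kex "$2") || { echo "no usable offer found" >&2; return 1; }
    printf 'Host %s\n' "$1"
    printf '    KexAlgorithms +%s\n' "$kex"
    printf '    Ciphers +aes256-cbc\n'
}

# Sample input: the error line quoted in the article.
SAMPLE_ERR='Unable to negotiate with 192.168.20.2 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

legacy_host_stanza 192.168.20.2 "$SAMPLE_ERR"
```

Append the printed block to ~/.ssh/config; connections to every other host keep the client's default algorithm lists.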

