A lot of older devices either support telnet or very old SSH keyx algorithms which are insecure and disabled by all newer/modern SSH clients for security reasons. However, sometimes you may be on a LAN via VPN or some other secured network or for whatever reason, absolutely, need to connect to this device and sometimes old/embedded devices may not be possible to update to a newer SSH server.
If you run into this you may be using a modern/newer SSH client and get this error:
Unable to negotiate with 192.168.20.2 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
You can solve it by adding at least one of the algorithms it lists and to choose another cipher like this:
ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 -o Ciphers=aes256-cbc firstname.lastname@example.org
We add the Ciphers option above as many devices still won't work unless you specify a cipher like above.
ssh, servers, devices, switches, routers, cisco, juniper, unable, negotiate, matching, method, diffie, hellman, sha, hella, telnet, keyx, algorithms, insecure, disabled, newer, lan, via, vpn, secured, embedded, update, server, adding, lists, cipher, kexalgorithms, ciphers, aes, cbc, rttuser, specify,