
How to Fix SSH Error: No matching key exchange method found. Their offer: diffie-hellman-group1-sha1


OpenSSH is a widely used SSH (secure shell) server and client used in the Unix world, including in Linux, Mac OS X, and BSD operating systems. OpenSSH allows for secure logins to a remote system.

While the current version of OpenSSH is 8.6, there are a lot of older clients and servers still running for compatibility reasons. However, mismatched client and server versions will sometimes cause errors, because newer releases deprecate older key exchange methods and ciphers.

For example, a newer client might not be able to SSH to a server that asks for a specific key exchange method and will throw an error, as depicted here:

ssh 123.123.123.123
Unable to negotiate with 123.123.123.123 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Fortunately, fixing the error is not that hard to do. An older key exchange method can be enabled by adding specific lines to the OpenSSH client configuration file. Begin by issuing the following command:

nano /etc/ssh/ssh_config

You can replace nano with vim or other text editors you like to use. In the file, add the following lines:

KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr

Save the configuration file, close the text editor, and regenerate your SSH keys by issuing the following command:

ssh-keygen -A

Wait until the key regeneration process is finished (it should not take more than a few seconds), and finally, restart the ssh daemon by using the following command:

service ssh restart
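
Because the lines above go into the system-wide client file, they apply to every host this machine connects to. The following added example (not part of the original article) parses the "Unable to negotiate" error and prints a Host block for ~/.ssh/config that enables the legacy algorithm for that one server only. The function names are hypothetical, and the handling of cipher, host key and MAC errors goes beyond the key exchange case shown in this article.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Turns an OpenSSH "Unable to negotiate" error into a Host-scoped stanza.

# Map the failure named in the error text to the matching ssh_config keyword.
negotiation_keyword() {
    case "$1" in
        *"no matching key exchange method found"*) echo KexAlgorithms ;;
        *"no matching cipher found"*)              echo Ciphers ;;
        *"no matching host key type found"*)       echo HostKeyAlgorithms ;;
        *"no matching MAC found"*)                 echo MACs ;;
        *) return 1 ;;
    esac
}

# Usage: legacy_host_stanza "<error line>" [name typed on the ssh command line]
# Prints a stanza that enables the server's offer for that one host only.
legacy_host_stanza() {
    line=$1
    keyword=$(negotiation_keyword "$line") || {
        echo "not an algorithm negotiation error" >&2
        return 1
    }
    addr=$(printf '%s\n' "$line" | sed -n 's/^Unable to negotiate with \([^ ]*\) port [0-9]*:.*/\1/p')
    port=$(printf '%s\n' "$line" | sed -n 's/^Unable to negotiate with [^ ]* port \([0-9]*\):.*/\1/p')
    offer=$(printf '%s\n' "$line" | sed -n 's/.*Their offer: *\([A-Za-z0-9@._,-]*\).*/\1/p')
    host=${2:-$addr}
    [ -n "$host" ] && [ -n "$port" ] && [ -n "$offer" ] || {
        echo "could not parse host, port or offer" >&2
        return 1
    }
    printf 'Host %s\n' "$host"
    [ "$port" = 22 ] || printf '    Port %s\n' "$port"
    # The leading "+" appends to the client's defaults instead of replacing them.
    printf '    %s +%s\n' "$keyword" "$offer"
}

# Constructed sample input: the error line shown earlier in this article.
SAMPLE='Unable to negotiate with 123.123.123.123 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1'
legacy_host_stanza "$SAMPLE"
```

Host patterns are matched against the name given on the ssh command line, so pass that name as the second argument when it differs from the address in the error. Running ssh -G with the host name prints the options that will actually be applied to that connection.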

If you still cannot connect to the server, you can try alternative SSH clients such as PuTTY. Install PuTTY by issuing this command on a Debian-based distro (such as Ubuntu and Mint):

sudo apt install putty

Then, open PuTTY and configure the connection as usual. PuTTY will attempt to connect with the available key exchange method.
