OpenSSH is a widely used SSH (secure shell) server and client in the Unix world, including Linux, Mac OS X, and the BSD operating systems. OpenSSH allows for secure logins to a remote system.
While the current version of OpenSSH is 8.6, many older clients and servers are still running for compatibility reasons. Mismatched client and server versions will sometimes produce errors, because the older key exchange and cipher algorithms are deprecated in newer releases.
For example, a newer client might not be able to SSH to a server that asks for a specific key exchange method and will throw an error, as depicted here:
ssh 22.214.171.124
Unable to negotiate with 126.96.36.199 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Fortunately, the error is not hard to fix. An older key exchange method can be enabled by adding specific lines to the OpenSSH configuration file. Begin by issuing the following command:
You can replace nano with vim or other text editors you like to use. In the file, add the following lines:
KexAlgorithms diffie-hellman-group1-sha1,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
Save the configuration file, close the text editor, and regenerate your SSH keys by issuing the following command:
Wait until the key regeneration process is finished (it should not take more than a few seconds), and finally, restart the ssh daemon by using the following command:
service ssh restart
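The lines above enable the legacy algorithms for every connection. As an added example (not from the original article), the shell function below reads a negotiation error like the one shown earlier and prints a client-side Host block that appends only the offered algorithm for that one host, using the + prefix OpenSSH accepts in KexAlgorithms, Ciphers, MACs and HostKeyAlgorithms. The function name legacy_stanza, the sample error line and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Constructed sample error (192.0.2.10 is a documentation address).
SAMPLE_ERR='Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1'

# legacy_stanza ERROR_LINE   (hypothetical helper name)
# Prints an ssh_config Host block that re-enables the server's offer
# for that host only; returns 1 if the line is not a negotiation error.
legacy_stanza() {
    err=$1
    # Host and offer end up in a config file, so accept only characters
    # that host names/addresses and algorithm lists can contain.
    host=$(printf '%s\n' "$err" |
        sed -n 's/^Unable to negotiate with \([A-Za-z0-9.:_-]*\) port [0-9]*: .*/\1/p')
    offer=$(printf '%s\n' "$err" |
        sed -n 's/.*Their offer: \([A-Za-z0-9@.,_-]*\)$/\1/p')
    [ -n "$host" ] && [ -n "$offer" ] || return 1

    # Map the failed negotiation step to the option that controls it.
    case $err in
        *"no matching key exchange method found"*) opt=KexAlgorithms ;;
        *"no matching cipher found"*)              opt=Ciphers ;;
        *"no matching host key type found"*)       opt=HostKeyAlgorithms ;;
        *"no matching MAC found"*)                 opt=MACs ;;
        *) return 1 ;;
    esac

    # "+" appends to the client's default list instead of replacing it,
    # so the modern algorithms stay preferred for this host as well.
    printf 'Host %s\n    %s +%s\n' "$host" "$opt" "$offer"
}

legacy_stanza "$SAMPLE_ERR"
```

Appending the printed block to ~/.ssh/config leaves the client defaults unchanged for every other server.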
If you still cannot connect to the server, you can try alternative SSH clients such as PuTTY. Install PuTTY by issuing this command on a Debian-based distro (such as Ubuntu and Mint):
sudo apt install putty
Then, open PuTTY and configure the connection as usual. PuTTY will attempt to connect with the available key exchange method.