I have a little bit problem after upgrading Ubuntu from 14.04 to 16.04. I've try to estabilish SSH connections with some servers trough SSH but after upgrade in some cases I have these output:
Unable to negotiate with 10.13.45.221 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1I know about adding this : ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost
But maybe is another way to enable it globally and use only ssh user@host like in 14.04?
3 Answers
This means the diffie-hellman-group1-sha1 is not present in the default set of key exchange algorithms.
To get the ssh option permanent, add the follwoing to your ~/.ssh/config (or globally in /etc/ssh/ssh_config):
KexAlgorithms=+diffie-hellman-group1-sha1Be careful about the Host, Match etc selective declarations while adding the directive if you want it globally as values inside those snippets apply to the mentioned set only. Whenever unsure, put it at the top.
Hi guys this is what it worked for me
Adding this line above to /etc/ssh/ssh_config
KexAlgorithms diffie-hellman-group1-sha1,,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Uncomment (Delete the #) this line Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc, then save the file and execute these commands ssh-keygen -A and service ssh restart.
If you did it well then you should be able to ssh without adding this -oKexAlgorithms=+diffie-hellman-group1-sha1 to the ssh command.
nano /etc/ssh/ssh_configadd these:
KexAlgorithms=+diffie-hellman-group1-sha1
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbcexit
service ssh restartthen you can remote your hosts as usual:
ssh username@hostname
or
ssh -l username hostnameit works for me.. :)
