$ ssh 192.0.2.10
Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Cisco switches sometimes last longer than their cryptographic algorithms. You can fix this by purchasing a new switch (duh) or by enabling the old, and most likely weak, key exchange algorithm only for the affected hosts in ~/.ssh/config. The leading + appends the algorithm to the client's default list instead of replacing it, so connections to every other host keep the stronger defaults.
$ cat ~/.ssh/config
Host 192.0.2.9 192.0.2.10
KexAlgorithms +diffie-hellman-group14-sha1
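The same per-host fix, as an added example that is not part of the original post: a small POSIX sh script that takes the server's "Their offer:" list from the error message, keeps only the algorithms the local client still supports (anything else is rejected by ssh even with +), flags the SHA-1 based ones, and prints a Host block scoped to the listed addresses. The client list is a constructed sample; for a live check replace it with the output of ssh -Q kex as noted in the comment.

```shell
#!/bin/sh
# Added example, not code from the original post: build a per-host
# ssh_config fragment from the "Their offer:" list in the ssh error.

# Constructed sample input: the server offer quoted in the error above.
SAMPLE_OFFER='diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1'

# Constructed sample of a modern client's KEX list. For a live check use:
#   CLIENT_KEX=$(ssh -Q kex | tr '\n' ',')
CLIENT_KEX='curve25519-sha256,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256'

# pick_kex OFFER CLIENT -> comma-separated offered algorithms the client knows.
# Only these can be enabled with "+"; names the client lacks are rejected.
pick_kex() {
  offer=$1 client=$2 out=''
  old_ifs=$IFS; IFS=,
  for alg in $offer; do
    case ",$client," in
      *",$alg,"*) out="${out:+$out,}$alg" ;;
    esac
  done
  IFS=$old_ifs
  printf '%s\n' "$out"
}

# weak_kex LIST -> the entries that rely on SHA-1 (empty if none).
weak_kex() {
  out=''
  old_ifs=$IFS; IFS=,
  for alg in $1; do
    case $alg in
      *-sha1) out="${out:+$out,}$alg" ;;
    esac
  done
  IFS=$old_ifs
  printf '%s\n' "$out"
}

# host_block "HOSTS" LIST -> ssh_config fragment scoped to HOSTS only.
host_block() {
  printf 'Host %s\n    KexAlgorithms +%s\n' "$1" "$2"
}

main() {
  kex=$(pick_kex "$SAMPLE_OFFER" "$CLIENT_KEX")
  [ -n "$kex" ] || { echo 'no overlap: this client cannot talk to the server' >&2; return 1; }
  weak=$(weak_kex "$kex")
  [ -z "$weak" ] || echo "warning: enabling SHA-1 based KEX: $weak" >&2
  host_block '192.0.2.9 192.0.2.10' "$kex"
}

# Run main only when executed as kex_fix.sh, so the functions can be sourced.
case ${0##*/} in kex_fix.sh) main ;; esac
```

With the sample inputs the script prints a Host block enabling only diffie-hellman-group14-sha1 and warns on stderr that it is SHA-1 based; the group-exchange-sha1 entry is dropped because the sample client no longer implements it, which is exactly the case where + would not help.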
If that didn’t help and you get something like this:
$ ssh 192.0.2.10
ssh_dispatch_run_fatal: Connection to 192.0.2.10 port 22: error in libcrypto
Then the simplest workaround is to switch the system-wide crypto policy to LEGACY, which re-enables old, insecure algorithms for every application that follows the policy, not just ssh:
$ sudo update-crypto-policies --set LEGACY