When trying to SSH to a Cisco switch from Ubuntu 20.04, you may get this error. I’ve noticed the same thing from Red Hat RHEL 8:

    ~> ssh email@example.com
    Unable to negotiate with 10.1.1.5 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

This error occurs because Ubuntu 20.04 has disabled the SHA1-based key exchange methods after attacks were found on SHA1.
To work around this issue for Cisco switches, you can use the command-line argument -oKexAlgorithms=+diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 like this:

    ~> ssh -oKexAlgorithms=+diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 firstname.lastname@example.org
    Password:
    ~>

To save this permanently for the specific IP, add the following to your ssh_config file:

    ~> cat ~/.ssh/config
    Host 10.1.1.5
        KexAlgorithms=+diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1

This will set that option permanently for the specific host.
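
The server in the error above also offers diffie-hellman-group14-sha1, which uses a 2048-bit group rather than the 1024-bit group of group1. The script below is an added example, not part of the original post: it parses the "Their offer" line and emits a Host-scoped stanza that re-enables only one legacy method. The function names and the preference order are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the original post). Preference order is an assumption:
# group14-sha1 (2048-bit group) > group-exchange-sha1 (negotiated group size)
# > group1-sha1 (fixed 1024-bit group).
LEGACY_PREFERENCE="diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1"

# Read ssh's error text on stdin, print the server's comma-separated KEX offer.
parse_offer() {
    sed -n 's/.*no matching key exchange method found\. Their offer: *//p' | head -n 1
}

# pick_kex OFFER: print the first preferred legacy algorithm present in OFFER.
pick_kex() {
    for pk_alg in $LEGACY_PREFERENCE; do
        case ",$1," in
            *",$pk_alg,"*) printf '%s\n' "$pk_alg"; return 0 ;;
        esac
    done
    return 1
}

# make_stanza HOST ERROR_TEXT: print a Host-scoped ssh_config block that
# re-enables only the one algorithm chosen by pick_kex.
make_stanza() {
    case "$1" in
        ''|*' '*|*'*'*|*'?'*)
            # A wildcard Host pattern would weaken key exchange for every match.
            echo "refusing empty or wildcard Host pattern" >&2; return 1 ;;
    esac
    ms_offer=$(printf '%s\n' "$2" | parse_offer)
    [ -n "$ms_offer" ] || { echo "no KEX offer found in input" >&2; return 1; }
    ms_kex=$(pick_kex "$ms_offer") || {
        echo "no known legacy KEX in offer: $ms_offer" >&2; return 1; }
    printf 'Host %s\n    KexAlgorithms +%s\n' "$1" "$ms_kex"
}

# Sample input: the error message quoted in the post.
SAMPLE_ERROR='Unable to negotiate with 10.1.1.5 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

make_stanza 10.1.1.5 "$SAMPLE_ERROR"
```

Running `ssh -G 10.1.1.5` prints the effective client configuration for that host, so its `kexalgorithms` line can be compared with the one for another host to confirm the change is scoped to the switch.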