When trying to SSH to a Cisco switch from Ubuntu 20.04, you may get the error below. I’ve noticed the same thing from Redhat RHEL 8:
~> ssh cisco@10.1.1.5
Unable to negotiate with 10.1.1.5 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
This error occurs because Ubuntu 20.04 has disabled the SHA1-based key exchange methods after attacks were found on SHA1.
To work around this issue for Cisco switches, you can pass the command line argument -oKexAlgorithms=+diffie-hellman-group1-sha1 like this:
~> ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 cisco@10.1.1.5
Password:
~>
To save this permanently for the specific IP, add it to your per-user SSH config file (~/.ssh/config):
~> cat ~/.ssh/config
Host 10.1.1.5
KexAlgorithms=+diffie-hellman-group1-sha1
This sets the option permanently for that specific host only. Connections to other hosts keep the default key exchange list.
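An added example, not part of the original post: the switch's offer in the error above also lists diffie-hellman-group14-sha1 (a fixed 2048-bit group), so this script parses the error line and builds a Host-scoped stanza that re-enables only the strongest offered legacy method rather than group1-sha1 (a fixed 1024-bit group). The function names and the preference order are assumptions of this example.

```shell
#!/bin/sh
# Preference order is this example's assumption, strongest first:
#   group14-sha1 (fixed 2048-bit group), group-exchange-sha1 (negotiated
#   group size), group1-sha1 (fixed 1024-bit group, last resort).
LEGACY_KEX_PREFERENCE="diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1"

# pick_kex ERROR_LINE -> prints the preferred method the server offered.
# Returns 1 if the line has no offer or no method from the list above.
pick_kex() {
    case "$1" in
        *"Their offer: "*) offer=${1##*"Their offer: "} ;;
        *) return 1 ;;
    esac
    for want in $LEGACY_KEX_PREFERENCE; do
        case ",$offer," in
            *",$want,"*) printf '%s\n' "$want"; return 0 ;;
        esac
    done
    return 1
}

# host_from_error ERROR_LINE -> prints the host named in the ssh error.
host_from_error() {
    case "$1" in
        "Unable to negotiate with "*) ;;
        *) return 1 ;;
    esac
    rest=${1#"Unable to negotiate with "}
    printf '%s\n' "${rest%% *}"
}

# make_stanza ERROR_LINE -> prints a stanza to review and add to ~/.ssh/config.
make_stanza() {
    host=$(host_from_error "$1") || return 1
    kex=$(pick_kex "$1") || return 1
    printf 'Host %s\n    KexAlgorithms +%s\n' "$host" "$kex"
}

# The error line from the post above, used as sample input.
SAMPLE='Unable to negotiate with 10.1.1.5 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'
make_stanza "$SAMPLE"
```

Running ssh -Q kex shows which key exchange methods the local client was built with, which confirms the chosen method can be re-enabled before the stanza is saved.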
One reply on “Workaround for SSH error to Cisco switch from Ubuntu 20.04 or Redhat 8 – no matching key exchange method found”
The web is a wonderful thing! Thanks for the solution. It worked a treat.