
Workaround for SSH error to Cisco switch from Ubuntu 20.04 – no matching key exchange method found

Trying to SSH to a Cisco switch from Ubuntu 20.04 you may get this error:

~> ssh cisco@10.1.1.5
Unable to negotiate with 10.1.1.5 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

This error occurs because Ubuntu 20.04 has disabled the SHA1-based key exchange methods by default, after attacks were found on SHA1.

To work around this issue for Cisco switches, you can use the command line argument -oKexAlgorithms=+diffie-hellman-group1-sha1. The leading + appends the algorithm to the client's default list instead of replacing it:

~> ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 cisco@10.1.1.5
Password:
~>

To save this permanently for the specific IP, add a Host block to your per-user SSH client configuration file, ~/.ssh/config:

~> cat ~/.ssh/config
Host 10.1.1.5
    KexAlgorithms=+diffie-hellman-group1-sha1

This sets the option permanently for that host only; connections to other hosts keep the default key exchange list.
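As an added example (not part of the original post), this script reads the "Their offer:" list from the error above and prints a host-scoped ssh_config entry using the least-weak algorithm the switch offers; for this switch that is diffie-hellman-group14-sha1 (a 2048-bit group) rather than the 1024-bit diffie-hellman-group1-sha1. The function names and the placement of group-exchange-sha1 between the two are assumptions of the example.

```shell
#!/bin/sh
# Added example: pick the least-weak key exchange a legacy device offers.

# Preference order, strongest first. group14 is a fixed 2048-bit group and
# group1 a fixed 1024-bit group; placing group-exchange-sha1 between them
# is an assumption of this example.
LEGACY_KEX_ORDER="diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1"

# extract_offer LINE -> the comma-separated list after "Their offer: "
extract_offer() {
    printf '%s\n' "$1" | sed -n 's/.*Their offer: *//p' | tr -d ' \r'
}

# pick_kex OFFER -> first algorithm in LEGACY_KEX_ORDER that the device
# offers; returns non-zero if none match. Commas are added around the list
# so only whole algorithm names match.
pick_kex() {
    list=",$1,"
    for kex in $LEGACY_KEX_ORDER; do
        case "$list" in
            *",$kex,"*) printf '%s\n' "$kex"; return 0 ;;
        esac
    done
    return 1
}

# host_block HOST ERROR_LINE -> ssh_config stanza scoped to that host only
host_block() {
    offer=$(extract_offer "$2")
    [ -n "$offer" ] || { echo "no 'Their offer:' list found" >&2; return 1; }
    chosen=$(pick_kex "$offer") || { echo "no known legacy KEX in offer" >&2; return 1; }
    printf 'Host %s\n    KexAlgorithms +%s\n' "$1" "$chosen"
}

# Error line copied from the session shown in the post.
SAMPLE='Unable to negotiate with 10.1.1.5 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

host_block 10.1.1.5 "$SAMPLE"
```

Review the printed stanza before appending it to ~/.ssh/config; keeping it under a Host line for the single device leaves the default algorithms in force everywhere else.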
