I am trying to log in to my DSL router, because I’m having trouble with command-line mail. I’m hoping to be able to reconfigure the router.
When I give the ssh command, this is what happens:
$ ssh <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="87e2e9e3f2f4e2f5c7b6b7a9b5b2b2a9b5b2b5a9b6">[email protected]</a> Unable to negotiate with 10.255.252.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
so then I looked at this stackexchange post, and modified my command to this, but I get a different problem, this time with the ciphers.
$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="375259534244524577060719050202190502051906">[email protected]</a> Unable to negotiate with 10.255.252.1 port 22: no matching cipher found. Their offer: 3des-cbc
so is there a command to offer 3des-cbc encryption? I’m not sure about 3des, like whether I want to add it permanently to my system.
Is there a command to allow the 3des-cbc cipher?
What is the problem here? It’s not asking for password.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
This particular error happens while the encrypted channel is being set up. If your system and the remote system don’t share at least one cipher, there is no cipher to agree on and no encrypted channel is possible. Usually SSH servers will offer a small handful of different ciphers in order to cater to different clients; I’m not sure why your server would be configured to only allow 3DES-CBC.
Now, 3DES-CBC isn’t terrible. It’s slow, and it provides less security than some other algorithms, but it’s not immediately breakable as long as the keys are selected properly. CBC itself has some issues when ciphertext can be modified in transit, but I strongly suspect that the resultant corruption would be rejected by SSH’s HMAC, reducing impact. Bottom line, there are worse choices than 3DES-CBC, and there are better ones. However, always tread carefully when overriding security-related defaults, including cipher and key exchange algorithm choices. Those defaults are the defaults for a reason; some pretty smart people spent some brain power considering the options and determined that what was chosen as the defaults provide the best overall security versus performance trade-off.
As you found out, you can use -c ... (or -oCiphers=...) to specify which cipher to offer from the client side. In this case adding -c 3des-cbc allows only 3DES-CBC from the client. Since this matches a cipher that the server offers, an encrypted channel can be established and the connection proceeds to the authentication phase.
You can also add this to your personal ~/.ssh/config. To avoid making a global change to solve a local problem, you can put it in a Host stanza. For example, if your SSH config currently says (dummy example):
Port 9922
specifying a global default port of 9922 instead of the default 22, you can add a host stanza for the host that needs special configuration, and a global host stanza for the default case. That would become something like…
Host 10.255.252.1
Ciphers 3des-cbc
KexAlgorithms +diffie-hellman-group1-sha1
Host *
Port 9922
The indentation is optional, but I find it greatly enhances readability. Blank lines and lines starting with # are ignored.
If you always (or mostly) log in as the same user on that system, you can also specify that username:
Host 10.255.252.1
Ciphers 3des-cbc
KexAlgorithms +diffie-hellman-group1-sha1
User enduser
Host *
Port 9922
You don’t need to add a Host * stanza if there was nothing in your ~/.ssh/config to begin with, as in that case only compiled-in or system-wide defaults (typically from /etc/ssh/ssh_config) would be used.
At this point, the ssh command line to connect to this host reduces to simply
$ ssh 10.255.252.1
and all other users on your system, and connections to all other hosts from your system, are unaffected by the changes.
Method 2
Ok I read the manpage and figured it out.
I did not want to modify my config file, and so I searched the term “cipher”
in the man page which showed me the -c option; this allows me to specify the encryption type. the end command was then:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="b6d3d8d2c3c5d3c4f6878698848383988483849887">[email protected]</a>
Method 3
I recently ran into this problem using PuTTY to connect to a newer version of Ubuntu. It seems earlier versions of PuTTY didn’t have updated ciphers. So downloading the latest version of PuTTY fixed the problem. That could be another solution.
Method 4
Many years later, in 2022 , I have hundreds of those everyday in the logs of all my sshd servers :
Jan 9 00:00:46 server sshd[335552]: Unable to negotiate with x.x.x.x port 53994: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
I’d just tell people : clients needing those SHA1 cyphers are never legitimate users.
https://www.computerworld.com/article/3173616/the-sha1-hash-function-is-now-completely-unsafe.html
Those sha1 based cyphers are no more included in a NORMAL, SECURE, modern ssh server.
DONT add those cyphers, forget it, its 99% sure all of those log messages come from bots trying to find VULNERABLE SSH servers using old sha1 cyphers.
If you ever have legitimate clients needing those old cyphers, you have to upgrade the client , not dwngrade the server by adding old unsecure, unsupported sha1 cyphers.
Sure, there are reasons if you need to connect to a very old device needing those, but I hope people will read this warning 🙂
Adding those old cyphers in a ssh client is ok if you know why. But adding those on a ssh server in 2022 is nonsense 🙂
This is just a warning for ssh server admins finding this thread when googling for this error message ssh unable to negotiate – no matching key exchange method found .
Method 5
Another answer for MacOSX and CLI comamnds (SFTP, for example): refer to this article @ http://www.openssh.com/legacy.html (OpenSSL Legacy Options). I was getting a consistent error of “could not negotiate” which was solved by information in this article, specifically the setting of a configuration parameter in the “~/.ssh/config” file.
BTW, I got this error when my destination SFTP server (not under my administration) finally turned off TLS 1.0 (SSL encryption option) and requires TLS 1.1 or 1.2.
Method 6
On Ubuntu
#cat /etc/ssh/ssh_config
add below
Ciphers aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
and
KexAlgorithms +diffie-hellman-group1-sha1
Method 7
I encountered this problem when setting up a new SFTP server (on Ubuntu 22).
Telling all the clients to update their keys and ciphers was not an option (welcome to the trenches).
I added KexAlgorithms +diffie-hellman-group1-sha1 to the bottom of the /etc/ssh/sshd_config file – but before the Match group sftp part of the configuration – otherwise I was getting the following error:
Jun 22 09:43:22 sftp02 sshd[88559]: /etc/ssh/sshd_config line 140: Directive 'KexAlgorithms' is not allowed within a Match block
After that, I still needed to update the ciphers:
Jun 22 09:44:45 sftp02 sshd[88613]: Unable to negotiate with 10.10.1.154 port 46973: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
Solution: add this to the sshd_config:
HostkeyAlgorithms +ssh-rsa,ssh-dss
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0