nano ~/.ssh/config

Host legacy-server-ip
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms +ssh-rsa



    Method 1: Temporary (Command Line)
To connect once without changing system files, use the -o flag to append the required algorithm. 

bash
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacy-host
Note: The + prefix ensures you append to the default list rather than replacing it. 

Method 2: Per-User Configuration (Recommended)
This is the safest method as it only enables legacy algorithms for specific hosts. 

Open your user configuration file: nano ~/.ssh/config.
Add a block for the specific legacy server:
ssh
Host legacy-server-ip
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms +ssh-rsa
(You may also need to add HostKeyAlgorithms +ssh-rsa if the server uses older RSA signatures.) 
Method 3: System-Wide Configuration
To enable an older method for all users and all outbound connections, edit the global client config. 

Open the file with root privileges: sudo nano /etc/ssh/ssh_config.
Add the following line under the Host * section or at the end of the file:
ssh
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1


Host 20.0.0.27
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
    # Optional: Add KexAlgorithms if connection still fails
    KexAlgorithms +diffie-hellman-group1-sha1

Unable to negotiate with 20.0.0.27 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc

Host 20.0.0.27
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
    KexAlgorithms +diffie-hellman-group1-sha1
    Ciphers +aes128-cbc,3des-cbc,aes256-cbc,blowfish-cbc

    root@debian:~/asterisk# ssh root@20.0.0.27
/root/.ssh/config line 6: Bad SSH2 cipher spec '+aes128-cbc,3des-cbc,aes256-cbc,blowfish-cbc'.
/root/.ssh/config: terminating, 1 bad configuration options