1.9 KiB
nano ~/.ssh/config
Host legacy-server-ip KexAlgorithms +diffie-hellman-group1-sha1 HostKeyAlgorithms +ssh-rsa
Method 1: Temporary (Command Line)
To connect once without changing system files, use the -o flag to append the required algorithm.
bash ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacy-host Note: The + prefix ensures you append to the default list rather than replacing it.
Method 2: Per-User Configuration (Recommended) This is the safest method as it only enables legacy algorithms for specific hosts.
Open your user configuration file: nano ~/.ssh/config. Add a block for the specific legacy server: ssh Host legacy-server-ip KexAlgorithms +diffie-hellman-group1-sha1 HostKeyAlgorithms +ssh-rsa (You may also need to add HostKeyAlgorithms +ssh-rsa if the server uses older RSA signatures.) Method 3: System-Wide Configuration To enable an older method for all users and all outbound connections, edit the global client config.
Open the file with root privileges: sudo nano /etc/ssh/ssh_config. Add the following line under the Host * section or at the end of the file: ssh KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
Host 20.0.0.27 HostKeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa # Optional: Add KexAlgorithms if connection still fails KexAlgorithms +diffie-hellman-group1-sha1
Unable to negotiate with 20.0.0.27 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc
Host 20.0.0.27 HostKeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa KexAlgorithms +diffie-hellman-group1-sha1 Ciphers +aes128-cbc,3des-cbc,aes256-cbc,blowfish-cbc
root@debian:~/asterisk# ssh root@20.0.0.27
/root/.ssh/config line 6: Bad SSH2 cipher spec '+aes128-cbc,3des-cbc,aes256-cbc,blowfish-cbc'. /root/.ssh/config: terminating, 1 bad configuration options