# Key problem with ssh to Linux



## bangmyhead (Apr 16, 2021)

Hello, I am trying to connect to an old Redhat Linux and I can not for the next reason:


```
Unable to negotiate with 1.1.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
```


----------



## aragats (Apr 16, 2021)

bangmyhead said:


> Unable to negotiate with 1.1.1.1 port 22


1.1.1.1 is a public DNS by Cloudflare, of course it won't work (-;


----------



## SirDice (Apr 16, 2021)

bangmyhead said:


> an old Redhat Linux


Doesn't support newer keys. And those old SHA1 keys have been disabled because they're insecure.


----------



## bangmyhead (Apr 16, 2021)

aragats said:


> 1.1.1.1 is a public DNS by Cloudflare, of course it won't work (-;


1.1.1.1 its an example, I did not put the original IP. Sorry, I did not told you that at first.


----------



## wolffnx (Apr 16, 2021)

bangmyhead said:


> Hello, I am trying to connect to an old Redhat Linux and I can not for the next reason:
> 
> `Unable to negotiate with 1.1.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1`


happened to me with some cisco routers, just use 
`ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 <server>`


----------



## bangmyhead (Apr 16, 2021)

SirDice said:


> wolffnx said:
> 
> 
> > happened to me with some cisco routers, just use
> ...


Hello, I tried but I get this:


```
Unable to negotiate with 1.1.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
```


----------



## ondra_knezour (Apr 16, 2021)

`ssh -Q cipher` would tell you what yours side supports, find matching one in "their offer" output and add it to your command in similar fashion like the key exchange one. The option is `-oCiphers`


----------



## scottro (Apr 16, 2021)

Try ssh -o HostKeyAlgorithms=ssh-dss


----------

