{"id":4517,"date":"2022-07-20T11:17:00","date_gmt":"2022-07-20T16:17:00","guid":{"rendered":"https:\/\/www.incredigeek.com\/home\/?p=4517"},"modified":"2022-07-20T11:50:09","modified_gmt":"2022-07-20T16:50:09","slug":"troubleshooting-ssh-no-matching-key-exchange-host-key-method-type-found-errors","status":"publish","type":"post","link":"https:\/\/www.incredigeek.com\/home\/troubleshooting-ssh-no-matching-key-exchange-host-key-method-type-found-errors\/","title":{"rendered":"Troubleshooting SSH &#8220;No Matching Key Exchange\/Host Key Method\/Type Found&#8221; errors"},"content":{"rendered":"\n<p>It can be common for older devices to throw errors like the following when trying to ssh into them.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Unable to negotiate with 192.168.1.1 port 22: no matching <strong>key exchange<\/strong> method found. Their offer: <strong>diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1<\/strong><\/pre>\n\n\n\n<p>or <\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Unable to negotiate with 192.168.1.1 port 22: no matching <strong>host key<\/strong> type found. Their offer: <strong>ssh-rsa<\/strong><\/pre>\n\n\n\n<p><em>There can also be a <\/em><a href=\"https:\/\/www.incredigeek.com\/home\/no-matching-cipher-found-their-offer-aes128-cbc3des-cbc\/\">No Matching Cipher Found<\/a><em> error.  We have talked about that in the past<\/em>.<\/p>\n\n\n\n<p>The issue is that your version of SSH does not support those older, and most likely insecure, Key Exchange and Host Key algorithms types.  The errors do give us enough info to add the right options to connect to the device.  <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">No Matching Key Exchange Method Found<\/h2>\n\n\n\n<p>For the &#8220;no matching <strong>key exchange<\/strong> method found.&#8221; we need to manually add the KexAlgorithms option.  KexAlgorithms means Key Exchange Algorithm.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ssh -o KexAlgorithms=+<strong>diffie-hellman-group14-sha1<\/strong> username@192.168.1.1<\/pre>\n\n\n\n<p>Change out &#8220;diffie-hellman-group14-sha1&#8221; for a supported Key Exchange algorithm.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">No Matching Host Key Type Found<\/h2>\n\n\n\n<p>This issue is with the Host Key algorithm type.  We&#8217;ll use the -o option with the HostKeyAlgorithms option.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ssh -o HostKeyAlgorithms=+<strong>ssh-rsa<\/strong> admin@192.168.1.1<\/pre>\n\n\n\n<p>Change our <strong>ssh-rsa<\/strong> with a supported &#8220;Their offer:&#8221; Host Key.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Putting it all together<\/h2>\n\n\n\n<p>You can combine the options if needed.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ssh -o KexAlgorithms=+diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-rsa admin@192.168.1.1<\/pre>\n\n\n\n<p><\/p>\n\n\n\n<p>We have covered some of these topics before.  Be sure to check them out.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.incredigeek.com\/home\/no-matching-cipher-found-their-offer-aes128-cbc3des-cbc\/\" data-type=\"post\" data-id=\"2957\">no matching cipher found. Their offer: aes128-cbc,3des-cbc\u2026<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.incredigeek.com\/home\/no-matching-key-exchange-method-found-their-offer-diffie-hellman-group1-sha1\/\" data-type=\"post\" data-id=\"2846\">no matching key exchange method found. Their offer: diffie-hellman-group1-sha1<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.incredigeek.com\/home\/no-matching-host-key-type-found-their-offer-ssh-dss\/\" data-type=\"post\" data-id=\"2829\">no matching host key type found. Their offer: ssh-dss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It can be common for older devices to throw errors like the following when trying to ssh into them. Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 or Unable to negotiate with &hellip; <a href=\"https:\/\/www.incredigeek.com\/home\/troubleshooting-ssh-no-matching-key-exchange-host-key-method-type-found-errors\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[573,129],"tags":[1324,1322,1326,1325,1323,221,1327],"class_list":["post-4517","post","type-post","status-publish","format-standard","hentry","category-security","category-ubiquiti","tag-algorithms","tag-host-key","tag-hostkeyalgorithms","tag-kexalgorithms","tag-key-exchange","tag-ssh","tag-ssh-rsa"],"_links":{"self":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/4517","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/comments?post=4517"}],"version-history":[{"count":1,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/4517\/revisions"}],"predecessor-version":[{"id":4518,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/4517\/revisions\/4518"}],"wp:attachment":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/media?parent=4517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/categories?post=4517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/tags?post=4517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}