关于no matching key exchange method found. Their offer: diffie-hellman-group1-sha1的解决办法

原文链接：https://mycyberuniverse.com/error/no-matching-key-exchange-method-found-openssh7.html

What causes this problem

OpenSSH 7.0 deprecated the diffie-hellman-group1-sha1 key algorithm because it is weak and within theoretical range of the so-called Logjam attack. See the www.openssh.com/legacy.html page for more information.

If the client and server are unable to agree on a mutual set of parameters then the connection will fail. OpenSSH (7.0 and greater) will produce an error message like this:

Unable to negotiate with host: no matching key exchange method found.
Their offer: diffie-hellman-group1-sha1

In this case, the client and server were unable to agree on the key exchange algorithm because the server offered only a single method diffie-hellman-group1-sha1.

How to fix it

The best resolution for these failures is to upgrade/configure the server to not use deprecated algorithms. If that is not possible, you can force the client to re-enable the diffie-hellman-group1-sha1 key exchange algorithm with the -oKexAlgorithms=+diffie-hellman-group1-sha1 option on the command-line:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@host

or in the ~/.ssh/config file:

Host somehost.example.org
    KexAlgorithms +diffie-hellman-group1-sha1

注意：这里的两行代码分开写，另外Host后面的网址不要用IP地址代替（如果dns无法解析就在hosts文件中添加即可）

If this article helped you solve the problem then please leave a comment. 

Thanks for reading!