SSH: "no matching key exchange method found" when KexAlgorithm is listed as available
When I try to ssh to one of my switches I get the following error:
$ ssh remotehost
Unable to negotiate with 1.2.3.4 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1
If I list available key exchange algorithms I can see that we do have it:
$ ssh -Q kex
...
...
diffie-hellman-group14-sha1
...
Specifying it manually as an option does work, as well as creating an .ssh/config entry for it, but shouldn't this be automatically picked if it's in the kex list?
$ ssh -o KexAlgorithms=diffie-hellman-group14-sha1 user@remotehost
.ssh/config
Host remotehost
    KexAlgorithms +diffie-hellman-group14-sha1
The diffie-hellman-group1-sha1 key exchange method is disabled by default in recent SSH versions. The config option is your only way to do it. Check the OpenSSH legacy issues page for details.
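An added example, not part of the original question or answer: `ssh -Q kex` lists every algorithm the client was built with, while `ssh -G host` prints the `kexalgorithms` list the client will actually offer to that host after `.ssh/config` is applied. The function names and the sample lists below are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Classify a key exchange algorithm as seen by the local ssh client:
#   enabled     - in the effective KexAlgorithms list, so it is offered
#   disabled    - built in (listed by `ssh -Q kex`) but not offered
#   unsupported - not available in this client build

# kex_status ALG SUPPORTED EFFECTIVE
#   SUPPORTED: newline-separated list, in the form `ssh -Q kex` prints
#   EFFECTIVE: comma-separated list, the value of the `kexalgorithms`
#              line printed by `ssh -G host`
kex_status() {
    alg=$1 supported=$2 effective=$3
    # -x matches whole lines only, -F treats the name as a fixed string
    if printf '%s\n' "$effective" | tr ',' '\n' | grep -qxF -- "$alg"; then
        echo enabled
    elif printf '%s\n' "$supported" | grep -qxF -- "$alg"; then
        echo disabled
    else
        echo unsupported
    fi
}

# Same check against the real client (needs OpenSSH with `ssh -G`).
kex_status_live() {
    alg=$1 host=$2
    supported=$(ssh -Q kex) || return 1
    effective=$(ssh -G "$host" | awk '$1 == "kexalgorithms" { print $2 }') || return 1
    kex_status "$alg" "$supported" "$effective"
}

# Constructed sample data (not captured from a real system).
SAMPLE_SUPPORTED='diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
ecdh-sha2-nistp256
curve25519-sha256'
# Effective list with no per-host override.
SAMPLE_DEFAULT='curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256'
# Effective list once "KexAlgorithms +diffie-hellman-group14-sha1" applies to the host.
SAMPLE_OVERRIDE="$SAMPLE_DEFAULT,diffie-hellman-group14-sha1"

echo "default:  $(kex_status diffie-hellman-group14-sha1 "$SAMPLE_SUPPORTED" "$SAMPLE_DEFAULT")"
echo "override: $(kex_status diffie-hellman-group14-sha1 "$SAMPLE_SUPPORTED" "$SAMPLE_OVERRIDE")"
```

Running `kex_status_live diffie-hellman-group14-sha1 remotehost` before and after adding the `Host remotehost` entry shows the algorithm move from disabled to enabled for that host only.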