SSH: DH_GEX group out of range
If you want to use newer OpenSSH to connect to deprecated servers:
ssh -o KexAlgorithms=diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-dss my.host.com
Add -v if you want to see what's happening, and -o HostKeyAlgorithms=ssh-dss if it still doesn't work:
ssh -v -o HostKeyAlgorithms=ssh-dss -o KexAlgorithms=diffie-hellman-group14-sha1 my.host.com
You can also, of course, edit /etc/ssh/ssh_config or ~/.ssh/ssh_config, and add:
Host my.host.com *.myinsecure.net 192.168.1.* 192.168.2.*
HostKeyAlgorithms ssh-dss
KexAlgorithms diffie-hellman-group1-sha1
https://forum.ctwug.za.net/t/fyi-openssh-to-access-rbs-openssh-7/6069 mentions the following fix on Mikrotik Routerboards:
/ip ssh set strong-crypto=yes
(Noting this here because this answer also comes up on web searches when looking for a similar error message.)
If you want to use it over Git without editing your ssh_config or updating the SSH server:
GIT_SSH="ssh -oHostKeyAlgorithms=+ssh-dss -oKexAlgorithms=diffie-hellman-group14-sha1" git clone ssh://user@host/path-to-repository
It seems you have hit this bug.
Cause
A change was made to the openssh package, dealing with Diffie-Hellman Group Exchange. Previously, keys of size 1024 - 8192 could be exchanged. The minimum was raised to 1536 for added security and to avoid the "logjam" vulnerability. However, if used with some 3rd party ssh implementations which only support 1024, failure will occur. Ideally, the 3rd party ssh configuration or code should be updated to use larger key sizes.
...
You can find 3 different resolutions in the link. In situations where you don't have admin power or there is too much bureaucracy to get deeper changes, getting rid of the problematic algorithm while waiting for a SHA-2 availability in the server seemed the best option to me. You can even perform it in a user-based fashion in your $HOME/.ssh/config file.
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1