How to fix diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

I was trying to connect to some old Centos5 server via SSH for which I always have to restart the SSH services from WHM before taking access to the same.

This time I got a different error and the error is like this

Unable to negotiate with 198.57.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

even after restarting the ssh services multiple times

Then I try to Google it but didn’t get any relevant answer and at last, this solution worked for me where you can pass the client-side ciphers either from the command line or if you already have a config file then by adding those lines over there

Host serveralias
HostName 198.57.x.x
Ciphers 3des-cbc
KexAlgorithms +diffie-hellman-group1-sha1
Port 22
User root


or from the command line if you don’t want to modify the config file and pass the cipher manually within the command

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc [email protected]

This must be the error from my server end because now after updating to Monterey in Mac OS it doesn’t allow directly to connect to TLS 1.0 as it requires TLS 1.1 or 1.2 whereas on Centos 5 an old server which we can’t upgrade because of the existing clients or application running over there.

I hope this will help the people who are looking for a similar solution to such a problem while connecting to the server using command line ssh command and getting similar error and now you know how to override or bypass the same.


You may also like...