Lubuntu 18.04 can't SSH to Cisco Router: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Sophia Terry
I'm not sure if this problem is caused by the Lubuntu or the Cisco Router side.
Lubuntu = 192.168.1.100
Cisco Router = 192.168.1.1

SSH from Lubuntu to Cisco Router
user@linux:~$ ssh -V
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
user@linux:~$
user@linux:~$ ssh admin@192.168.1.1
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
user@linux:~$

This is on the Cisco Router side
R1#
*Mar 1 01:41:19.631: SSH2 0: no matching cipher found: client ,aes128-ctr,aes192-ctr,aes256-ctr,,
R1#

SSH Verbose
user@linux:~$ ssh 192.168.1.1 -l admin -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version Cisco-1.25
debug1: match: Cisco-1.25 pat Cisco-1.* compat 0x60000000
debug1: Authenticating to 192.168.1.1:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: (no match)
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
user@linux:~$

More Cisco Log
R1(config)#ip ssh logging events
R1(config)#
R1(config)#
*Mar 1 01:56:21.723: SSH2 0: no matching cipher found: client ,aes128-ctr,aes192-ctr,aes256-ctr,,
R1(config)#
*Mar 1 01:56:21.723: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.168.1.100 (tty = 0) using crypto cipher '', hmac '' Failed
*Mar 1 01:56:21.723: %SSH-5-SSH2_CLOSE: SSH2 Session from 192.168.1.100 (tty = 0) for user '' using crypto cipher '', hmac '' closed
R1(config)#

What is the problem here and how to fix it?
Update 1
I've tried these as suggested here, but it didn't solve the problem:
user@linux:~$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.1
Unable to negotiate with 192.168.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
user@linux:~$
user@linux:~$ ssh -oHostKeyAlgorithms=+ssh-dss 192.168.1.1
Unable to negotiate with 192.168.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
user@linux:~$

2 Answers
The problem is the Cisco router. Ubuntu's ssh client proposes a default set of modern and secure encryptions and the router proposes another set (with legacy algorithms) and they have none in common.
You can force ssh to add the weak legacy algorithms to its list of proposals, either from the command line:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 192.168.1.1

or by adding the option to ~/.ssh/config:

Host 192.168.1.1
    KexAlgorithms +diffie-hellman-group1-sha1

As explained here (you have other solutions there), that might not be enough and you might have to enable ssh-dss too:

ssh -oHostKeyAlgorithms=+ssh-dss 192.168.1.1

or by adding the option to ~/.ssh/config:

Host 192.168.1.1
    HostKeyAlgorithms +ssh-dss

Try this one, you did not specify the cipher to use:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c aes128-cbc -l username 192.168.1.1
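Both answers widen the client's algorithm lists by hand, one "Unable to negotiate" error at a time (first the key exchange, then the cipher, possibly the host key). The script below is an added example, not code from the question or either answer: it parses the exact "no matching X found. Their offer: ..." messages OpenSSH prints, picks the least-bad algorithm the router offers (aes256-cbc rather than aes128-cbc or 3des-cbc, since OpenSSH uses the first entry of the client's list that the server also supports) and emits a ~/.ssh/config stanza scoped to this one router, so that diffie-hellman-group1-sha1 (a 1024-bit group with SHA-1), CBC ciphers and 1024-bit ssh-dss host keys are not silently offered to every other server you connect to. The preference lists, helper names and the ssh-dss message are this example's own assumptions; the other two messages are constructed from the output in the question. Treat the stanza as a workaround: the durable fix is an IOS version and SSH server configuration on the router that offers modern key exchange and CTR or GCM ciphers.

```shell
#!/bin/sh
# Added example (not from the question or either answer): turn OpenSSH's
# "Unable to negotiate ... Their offer: ..." failures into a ~/.ssh/config
# stanza that widens the algorithm lists for this one router only, picking
# the least-bad algorithm the router offers instead of appending all of them.
# Preference lists and helper names are this example's own assumptions.

# Strongest-first orderings used when the router offers several choices.
# OpenSSH selects the first entry of the *client's* list that the server
# also supports, so appending "+aes256-cbc" alone is better than appending
# the router's whole "aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc" offer.
KEX_PREF='diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1'
CIPHER_PREF='aes256-ctr aes192-ctr aes128-ctr aes256-cbc aes192-cbc aes128-cbc 3des-cbc'
HOSTKEY_PREF='ssh-ed25519 ecdsa-sha2-nistp256 ssh-rsa ssh-dss'
MAC_PREF='hmac-sha2-256 hmac-sha2-512 hmac-sha1 hmac-md5'

# pick_preferred OFFER PREF...  -> prints the first PREF entry that appears
# in the comma-separated OFFER, or fails if none of them is offered.
pick_preferred() {
    _pp_offer=",$1,"
    shift
    for _pp_cand in "$@"; do
        case "$_pp_offer" in
            *",$_pp_cand,"*) printf '%s\n' "$_pp_cand"; return 0 ;;
        esac
    done
    return 1
}

# parse_offer 'Unable to negotiate ... no matching X found. Their offer: a,b'
# -> prints one ssh_config line "Option +algo" for that failure, or fails
# for categories this example does not handle (e.g. compression).
parse_offer() {
    _po_what=$(printf '%s\n' "$1" | sed -n 's/.*no matching \(.*\) found\. Their offer: .*/\1/p')
    _po_list=$(printf '%s\n' "$1" | sed -n 's/.*Their offer: //p')
    case "$_po_what" in
        'key exchange method') _po_opt=KexAlgorithms;     _po_pref=$KEX_PREF ;;
        'host key type')       _po_opt=HostKeyAlgorithms; _po_pref=$HOSTKEY_PREF ;;
        cipher)                _po_opt=Ciphers;           _po_pref=$CIPHER_PREF ;;
        MAC)                   _po_opt=MACs;              _po_pref=$MAC_PREF ;;
        *) return 1 ;;
    esac
    # $_po_pref is deliberately unquoted: each preference entry is one argument.
    _po_chosen=$(pick_preferred "$_po_list" $_po_pref) || return 1
    printf '%s +%s\n' "$_po_opt" "$_po_chosen"
}

# config_stanza HOST MSG... -> a Host block scoped to HOST with one option
# line per negotiation failure. Scoping keeps the weak algorithms out of
# the proposal sent to every other server.
config_stanza() {
    _cs_host=$1
    shift
    printf 'Host %s\n' "$_cs_host"
    for _cs_msg in "$@"; do
        _cs_line=$(parse_offer "$_cs_msg") || continue
        printf '    %s\n' "$_cs_line"
    done
}

# Constructed sample input: the two failures shown in the question, plus the
# host-key failure the first answer warns about (assumed, not seen in the post).
MSG_KEX='Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1'
MSG_CIPHER='Unable to negotiate with 192.168.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc'
MSG_HOSTKEY='Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-dss'

# Print the stanza; append it to ~/.ssh/config once you have reviewed it.
config_stanza 192.168.1.1 "$MSG_KEX" "$MSG_CIPHER" "$MSG_HOSTKEY"
```

After appending the stanza, `ssh -G 192.168.1.1 | grep -i -e '^kexalgorithms' -e '^ciphers' -e '^hostkeyalgorithms'` shows the effective lists for that host only, and the same command for any other host confirms the legacy entries are not offered there. The second answer's `-c aes128-cbc` does the same job for one session; the stanza makes the choice explicit and reviewable instead of repeated on every command line.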