Trying to logon to some older network switch management interfaces I came across a failure due to them using older SHA1 key exchanges and key types. Thankfully OpenSSH supports some legacy options to get around this, at least until we get the switches replaced or upgraded.
$ ssh firstname.lastname@example.org Unable to negotiate with 192.168.10.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Add the option to use DH-G1-SHA1
$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 email@example.com Unable to negotiate with 192.168.10.1 port 22: no matching host key type found. Their offer: ssh-dss
So now add the ability to use the host key type ssh-dss:
$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss firstname.lastname@example.org
Now we’re on!