{"id":1995,"date":"2022-10-09T18:49:58","date_gmt":"2022-10-09T18:49:58","guid":{"rendered":"https:\/\/linuxdigest.com\/?p=1995"},"modified":"2023-04-04T23:50:22","modified_gmt":"2023-04-04T23:50:22","slug":"how-to-fix-ssh-algorithm-errors","status":"publish","type":"post","link":"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/","title":{"rendered":"How to fix SSH algorithm errors"},"content":{"rendered":"\n

With older SSH servers, you will occasionally run into errors where the encryption algorithms offered are incompatible with your client. In this article, I will cover some of the most common and how to get around them using OpenSSH.<\/p>\n\n\n\n

These errors will, in most cases, be because the server or client is outdated. That means it is most likely using algorithms that are no longer considered secure. It is important to note that a permanent fix in these situations is to update your software.<\/p>\n\n\n\n

Of course, things are not always this simple. An example of this would be if the server is not under your control or it is some networking equipment that does not have a firmware update available. And, of course, you will at least need access to the server to update it. In this article, I will try to help you do that.<\/p>\n\n\n\n

“sign_and_send_pubkey: no mutual signature supported”<\/h3>\n\n\n\n

The server wants the client to send its public key using a signature algorithm that the client does not support. When this is written, likely, the algorithm in question is ssh-rsa. The ssh-rsa algorithm was deprecated in OpenSSH in version 8.7.<\/a><\/p>\n\n\n\n

The reason for this is that the original ssh-rsa algorithm in the SSH protocol uses SHA1. With more recent hardware, it is possible to crack SHA1 encryption.<\/p>\n\n\n\n

Newer servers will try to use rsa-sha2-256 or rsa-sha2-256 if you have a rsa key. If you are using some other type of SSH key, such as ed25519, the connection will use that algorithm and bypass this problem.<\/p>\n\n\n\n

Your client will still allow you to use the older ssh-rsa algorithm if you specify it. Either on the command line:<\/p>\n\n\n\n

ssh -o PubkeyAcceptedKeyTypes=+ssh-rsa user@host<\/pre>\n\n\n\n
You can also add this to the bottom of your configuration file at \/etc\/ssh\/ssh_config<\/p>\n\n\n\n
PubkeyAcceptedKeyTypes +ssh-rsa<\/pre>\n\n\n\n
Unable to negotiate with brokenhost port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1<\/h3>\n\n\n\n
This error is basically because of the same as above. For DH negotiation, the server is only offering SHA1-based algorithms.<\/p>\n\n\n\n
To temporarily get around this, you should pick one of the algorithms listed in the error message and have the client accept that.<\/p>\n\n\n\n
ssh -o KexAlgorithms=+diffie-hellman-group-exchange-sha1 user@host<\/pre>\n\n\n\n
You can also add the algorithm to your \/etc\/ssh\/ssh_config file. This will enable it for all hosts.<\/p>\n\n\n\n
KexAlgorithms +diffie-hellman-group-exchange-sha1<\/pre>\n\n\n\n
You could also just enable it for this particular host in your ~\/.ssh\/config file<\/p>\n\n\n\n
Host brokenhost.example.com\n    KexAlgorithms +diffie-hellman-group-exchange-sha1<\/pre>\n\n\n\n
Unable to negotiate with brokenhost: no matching host key type found. Their offer: ssh-dss<\/h3>\n\n\n\n
In this example, the SSH server is trying to send its host key with a type the client does not support. Here we can specify the allowed host key types with the HostKeyAlgorithms parameter.<\/p>\n\n\n\n
ssh -o HostKeyAlgorithms=+ssh-dss user@brokenhost<\/pre>\n\n\n\n
As before, you can also enable the algorithm globally by adding the option to the bottom of your \/etc\/ssh\/ssh_config file:<\/p>\n\n\n\n
HostKeyAlgorithms +ssh-dss<\/pre>\n\n\n\n
Or just enable it for this particular host in your ~\/ssh\/config file:<\/p>\n\n\n\n
Host brokenhost.example.com\n    HostKeyAlgorithms +ssh-dss<\/pre>\n\n\n\n
Some ways to debug an algorithm mismatch<\/h3>\n\n\n\n
If the options above don’t solve your problem, there are some ways to get more detailed information from your client.<\/p>\n\n\n\n
The first thing I would try is to connect to the server in verbose mode. This should show you where in the process the negotiation failed and hopefully show what algorithms are offered.<\/p>\n\n\n\n
ssh -v user@brokenhost<\/pre>\n\n\n\n
To get your SSH client to dump all the parameters, it is using to connect, you can use the -G option. This will show you what algorithms the client accepts.<\/p>\n\n\n\n
ssh -G user@brokenhost<\/pre>\n\n\n","protected":false},"excerpt":{"rendered":"
With older SSH servers, you will occasionally run into errors where the encryption algorithms offered are…<\/p>\n","protected":false},"author":1,"featured_media":2002,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[18],"yoast_head":"\nHow to fix SSH algorithm errors - Linux Digest<\/title>\n<meta name=\"description\" content=\"Not able to connect via SSH? No mutual signature, no matching host key or key exchange. Read on to get up and running again.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to fix SSH algorithm errors - Linux Digest\" \/>\n<meta property=\"og:description\" content=\"Not able to connect via SSH? No mutual signature, no matching host key or key exchange. Read on to get up and running again.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux Digest\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-09T18:49:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-04T23:50:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/linuxdigest.com\/wp-content\/uploads\/2022\/10\/pubkeyacceptedalgorithms-ssh-ed25519-cert-v01@openssh.com_.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1080\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"The Linux Digest Guy\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"The Linux Digest Guy\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/\"},\"author\":{\"name\":\"The Linux Digest Guy\",\"@id\":\"https:\/\/linuxdigest.com\/#\/schema\/person\/29c97230aa94affab929a88c6a10adb2\"},\"headline\":\"How to fix SSH algorithm errors\",\"datePublished\":\"2022-10-09T18:49:58+00:00\",\"dateModified\":\"2023-04-04T23:50:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/\"},\"wordCount\":577,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/linuxdigest.com\/#organization\"},\"keywords\":[\"SSH\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/\",\"url\":\"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/\",\"name\":\"How to fix SSH algorithm errors - Linux Digest\",\"isPartOf\":{\"@id\":\"https:\/\/linuxdigest.com\/#website\"},\"datePublished\":\"2022-10-09T18:49:58+00:00\",\"dateModified\":\"2023-04-04T23:50:22+00:00\",\"description\":\"Not able to connect via SSH? No mutual signature, no matching host key or key exchange. Read on to get up and running again.\",\"breadcrumb\":{\"@id\":\"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/linuxdigest.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to fix SSH algorithm errors\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/linuxdigest.com\/#website\",\"url\":\"https:\/\/linuxdigest.com\/\",\"name\":\"Linux Digest\",\"description\":\"Linux tutorials for everyone\",\"publisher\":{\"@id\":\"https:\/\/linuxdigest.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/linuxdigest.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/linuxdigest.com\/#organization\",\"name\":\"Linux Digest\",\"url\":\"https:\/\/linuxdigest.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/linuxdigest.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/linuxdigest.com\/wp-content\/uploads\/2019\/11\/logo1.png\",\"contentUrl\":\"https:\/\/linuxdigest.com\/wp-content\/uploads\/2019\/11\/logo1.png\",\"width\":1102,\"height\":170,\"caption\":\"Linux Digest\"},\"image\":{\"@id\":\"https:\/\/linuxdigest.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/linuxdigest.com\/#\/schema\/person\/29c97230aa94affab929a88c6a10adb2\",\"name\":\"The Linux Digest Guy\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/linuxdigest.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ac6bcf745dec6961360ccf2d2711f26c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ac6bcf745dec6961360ccf2d2711f26c?s=96&d=mm&r=g\",\"caption\":\"The Linux Digest Guy\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to fix SSH algorithm errors - Linux Digest","description":"Not able to connect via SSH? No mutual signature, no matching host key or key exchange. Read on to get up and running again.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/","og_locale":"en_US","og_type":"article","og_title":"How to fix SSH algorithm errors - Linux Digest","og_description":"Not able to connect via SSH? No mutual signature, no matching host key or key exchange. Read on to get up and running again.","og_url":"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/","og_site_name":"Linux Digest","article_published_time":"2022-10-09T18:49:58+00:00","article_modified_time":"2023-04-04T23:50:22+00:00","og_image":[{"width":1080,"height":1080,"url":"https:\/\/linuxdigest.com\/wp-content\/uploads\/2022\/10\/pubkeyacceptedalgorithms-ssh-ed25519-cert-v01@openssh.com_.png","type":"image\/png"}],"author":"The Linux Digest Guy","twitter_card":"summary_large_image","twitter_misc":{"Written by":"The Linux Digest Guy","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/#article","isPartOf":{"@id":"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/"},"author":{"name":"The Linux Digest Guy","@id":"https:\/\/linuxdigest.com\/#\/schema\/person\/29c97230aa94affab929a88c6a10adb2"},"headline":"How to fix SSH algorithm errors","datePublished":"2022-10-09T18:49:58+00:00","dateModified":"2023-04-04T23:50:22+00:00","mainEntityOfPage":{"@id":"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/"},"wordCount":577,"commentCount":0,"publisher":{"@id":"https:\/\/linuxdigest.com\/#organization"},"keywords":["SSH"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/","url":"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/","name":"How to fix SSH algorithm errors - Linux Digest","isPartOf":{"@id":"https:\/\/linuxdigest.com\/#website"},"datePublished":"2022-10-09T18:49:58+00:00","dateModified":"2023-04-04T23:50:22+00:00","description":"Not able to connect via SSH? No mutual signature, no matching host key or key exchange. Read on to get up and running again.","breadcrumb":{"@id":"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/linuxdigest.com\/howto\/how-to-fix-ssh-algorithm-errors\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/linuxdigest.com\/"},{"@type":"ListItem","position":2,"name":"How to fix SSH algorithm errors"}]},{"@type":"WebSite","@id":"https:\/\/linuxdigest.com\/#website","url":"https:\/\/linuxdigest.com\/","name":"Linux Digest","description":"Linux tutorials for everyone","publisher":{"@id":"https:\/\/linuxdigest.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/linuxdigest.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/linuxdigest.com\/#organization","name":"Linux Digest","url":"https:\/\/linuxdigest.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/linuxdigest.com\/#\/schema\/logo\/image\/","url":"https:\/\/linuxdigest.com\/wp-content\/uploads\/2019\/11\/logo1.png","contentUrl":"https:\/\/linuxdigest.com\/wp-content\/uploads\/2019\/11\/logo1.png","width":1102,"height":170,"caption":"Linux Digest"},"image":{"@id":"https:\/\/linuxdigest.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/linuxdigest.com\/#\/schema\/person\/29c97230aa94affab929a88c6a10adb2","name":"The Linux Digest Guy","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/linuxdigest.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ac6bcf745dec6961360ccf2d2711f26c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ac6bcf745dec6961360ccf2d2711f26c?s=96&d=mm&r=g","caption":"The Linux Digest Guy"}}]}},"_links":{"self":[{"href":"https:\/\/linuxdigest.com\/wp-json\/wp\/v2\/posts\/1995"}],"collection":[{"href":"https:\/\/linuxdigest.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxdigest.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxdigest.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxdigest.com\/wp-json\/wp\/v2\/comments?post=1995"}],"version-history":[{"count":5,"href":"https:\/\/linuxdigest.com\/wp-json\/wp\/v2\/posts\/1995\/revisions"}],"predecessor-version":[{"id":2095,"href":"https:\/\/linuxdigest.com\/wp-json\/wp\/v2\/posts\/1995\/revisions\/2095"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxdigest.com\/wp-json\/wp\/v2\/media\/2002"}],"wp:attachment":[{"href":"https:\/\/linuxdigest.com\/wp-json\/wp\/v2\/media?parent=1995"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxdigest.com\/wp-json\/wp\/v2\/categories?post=1995"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxdigest.com\/wp-json\/wp\/v2\/tags?post=1995"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}