SSH Issue no kex alg

So what is happened? What’s causing it? Well, a modern operating system like Debian Jessie is packaged with OpenSSH 6.7 or newer  – and OpenSSH 6.7 disables some ciphers, as per changelog  As Russel rightly pointed out in the comments section below ‘”kex” is “key exchange”.x


So it’s time to upgrade your client! However, if for some bizarre reasons those pesky sysadmins are refusing to upgrade client software then that leaves you with two options:

  • if you have physical access to the client, merely spill coffee or some other beverage on it (alright, just joking)
  • or edit /etc/ssh/sshd_config on the server, append the following line and restart sshd daemon
KexAlgorithms diffie-hellman-group1-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

Now your old client should be able to connect to the server plus you have successfully created a security vulnerability on your machine. How exciting!

If you’re still dying to know what mechanisms your system supports run:

The post SSH Issue no kex alg appeared first on