SSH to hosts with older ciphers

We have some older Cisco equipment that runs SSH with some untrusted ciphers. Specifically the key exchange is still using SHA1, which modern Linux distributions have deprecated. You may see something like this:

Unable to negotiate with 234.234.234.234 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

You can work around this by putting this in your ~/.ssh/config

Host 234.234.234.234
    KexAlgorithms +diffie-hellman-group1-sha1

Borrowed from StackExchange.



Note: Replies will be formatted with PHP Markdown Extra syntax.

Name: Email (Not Required):
 
Logged IP: 54.80.96.153
To prevent spam please submit by clicking the kitten: