SSH Unable to negotiate

Trying to connect to some older Cisco routers from a reasonably modern Linux machine gave me the following errors:

Unable to negotiate with 1.1.1.1 port 22: no matching host key type found. Their offer: ssh-rsa
Unable to negotiate with 1.1.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

You can include additional options as a workaround, as below:

ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostkeyAlgorithms=+ssh-rsa lab@1.1.1.1

These options add (the + prefix appends to the client's defaults) a key exchange algorithm and a host key algorithm that are typically deprecated now.

SCP

This also affects scp and can be worked around in a similar fashion using the option flags, e.g.:

scp -o KexAlgorithms=+diffie-hellman-group14-sha1 asr900rsp2-universalk9_npe.16.08.01c.SPA.bin lab@1.1.1.1:/asr900rsp2-universalk9_npe.16.08.01c.SPA.bin

Working around these issues is less preferable to fixing the algorithms used (in my case by a Cisco router) but hopefully this helps someone else out in a pinch :)

m00nie
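
Added example (not from the original post): a shell function that reads the "Unable to negotiate" errors shown above and prints a per-host ssh_config stanza, so the legacy algorithms are enabled only for that one router and apply to both ssh and scp. The function name legacy_stanza and the preference for diffie-hellman-group14-sha1 when it is offered are assumptions of this example; the sample input is the two error lines quoted above.

```shell
#!/bin/sh
# legacy_stanza HOST [USER]
# Reads OpenSSH "Unable to negotiate" error lines on stdin and prints a
# Host block for ~/.ssh/config that re-enables only what the peer needs.
legacy_stanza() {
    host=$1
    user=$2
    kex=
    hostkey=
    while IFS= read -r line; do
        case $line in
            *"no matching key exchange method found. Their offer: "*)
                offer=${line##*Their offer: }
                # Assumption: prefer group14-sha1 (the choice made above)
                # when offered, else take the first algorithm in the offer.
                case ",$offer," in
                    *,diffie-hellman-group14-sha1,*)
                        kex=diffie-hellman-group14-sha1 ;;
                    *)
                        kex=${offer%%,*} ;;
                esac
                ;;
            *"no matching host key type found. Their offer: "*)
                offer=${line##*Their offer: }
                hostkey=${offer%%,*}
                ;;
        esac
    done
    printf 'Host %s\n' "$host"
    if [ -n "$user" ]; then printf '    User %s\n' "$user"; fi
    # The + prefix appends to the client defaults instead of replacing them.
    if [ -n "$kex" ]; then printf '    KexAlgorithms +%s\n' "$kex"; fi
    if [ -n "$hostkey" ]; then printf '    HostKeyAlgorithms +%s\n' "$hostkey"; fi
    return 0
}

# Demo with the two error lines from this page.
legacy_stanza 1.1.1.1 lab <<'EOF'
Unable to negotiate with 1.1.1.1 port 22: no matching host key type found. Their offer: ssh-rsa
Unable to negotiate with 1.1.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
EOF
```

With the printed stanza in ~/.ssh/config, plain ssh and scp to that host work without -o flags, and every other host keeps the client's defaults.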