At my job I work with a mix of old and new wireless equipment. Some of the old stuff, such as Ubiquiti Nanostation2s, may not automatically let you ssh into them from newer workstations due these old devices using old / weak / outdated encryption algorithms, which newer operating systems tend to disable by default. If you’ve run into this, you’ll probably see a message along these lines:
user@host:~$ ssh user@olddevice Unable to negotiate with olddevice port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
As per the OpenSSH Legacy page, which I used at first until it became too annoying, you can just copy the string they share and append the user@olddevice, then log in as you’d expect:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@olddevice
To make things even easier, if you’re on Linux, especially if you may periodically need to SSH into a legacy device, is to add the necessary lines to your .ssh/config file, as such:
user@host:~$ cat .ssh/config Host 192.168.111.101 KexAlgorithms +diffie-hellman-group1-sha1 Ciphers +aes256-cbc Host 192.168.111.102 KexAlgorithms +diffie-hellman-group1-sha1 Ciphers +aes256-cbc Host 192.168.111.103 KexAlgorithms +diffie-hellman-group1-sha1 Ciphers +aes256-cbc
For whatever reason, I wasn’t able to get the example config offered on the OpenSSH Legacy page to work on my old machine, so after some time and annoyances in looking for the exact string to add to the ssh command every few months when I needed it, I finally worked out the above from some other source.
There may be some other, similar errors you encounter that may be answered by using the OpenSSH Legacy page information. My usage and need is limited to logging into older Ubiquiti radios where the last-available firmware update was from 2015. In my case, I’m not worried if my connection to a radio isn’t secure — I log into these old devices to run iwconfig or athstats — to get some wireless statistics. If you’re doing something with sensitive information, you may want to try and use the strongest encryption algorithm that your old device will accept.
I am by no means an expert or really even vaguely familiar with this, just a random person who stumbled on some info that helped solve a problem I had. However, if you have any questions, I’ll see what I can do to help.