1

I'm trying to clone a repo on Windows with MINGW64 and I get this error.

$ git clone ssh://user@server/myproject && scp -p -P XXXXX user@server:hooks/commit-msg myproject/.git/hooks/
Cloning into 'myproject'...
Unable to negotiate with XXX.XXX.XX.XXX: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
fatal: Could not read from remote repository.

I already checked the doc http://www.openssh.com/legacy.html and the solution in the post http://www.openssh.com/legacy.html and still get the error.

Already added this to my config file:

    Host somehost.example.org
        KexAlgorithms +diffie-hellman-group1-sha1

Any help?

Rafael Reyes

1 Answer

9

group1 is weak and should be disabled; see https://weakdh.org/sysadmin.html

A server that only supports group1 is really bad. Asking the server operator to upgrade it is the right fix.

If you're desperate to connect to it anyway, you should be able to tell your client to enable it with the ssh option KexAlgorithms +diffie-hellman-group1-sha1. It can be set in the ssh config file or on the command line with -o. If you want to use the command line option you'll need to tell git to pass the option to ssh, which is explained in the answers to this question: Passing ssh options to git clone

Community
  • 1
    It works! Thanks for your answer! – Rafael Reyes May 12 '16 at 15:07
  • The repository-specific config file of git did not pick up the command line arguments given using -o. So I had to give these parameters (KexAlgorithms +diffie-hellman-group1-sha1) to ssh in ~/.ssh/config. Then it worked. I suspect the issue was that when I gave these parameters to the repository-specific git config file, the ssh hostname that git was picking up was the actual IP address, while when I gave these parameters to the ssh config file, ssh applied them to the FQDN of the hostname, and it worked. It is weird. – zafar142003 Jul 18 '17 at 04:50
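
The scoping point behind the answer and the last comment, as an added example that is not part of the original posts: it re-enables group1 for one named server only and uses `ssh -G` to check which names the `Host` block actually matches. The host names, the 192.0.2.10 address and the function names are constructed placeholders; it assumes an OpenSSH client new enough for `-G` (6.8 or later) that still ships diffie-hellman-group1-sha1.

```shell
#!/bin/sh
# Added example; host names and the 192.0.2.10 address are constructed placeholders.

WEAK_KEX='diffie-hellman-group1-sha1'

# write_scoped_config FILE PATTERN...
# Writes a config that re-enables the weak KEX only for the listed Host patterns.
write_scoped_config() {
    cfg=$1; shift
    {
        printf 'Host %s\n' "$*"
        printf '    KexAlgorithms +%s\n' "$WEAK_KEX"
    } > "$cfg"
}

# weak_kex_enabled FILE NAME
# Succeeds if ssh would offer the weak KEX when invoked with NAME.
# ssh -G prints the resolved client options without connecting; -F makes
# ssh read only FILE, so the result does not depend on ~/.ssh/config.
weak_kex_enabled() {
    ssh -G -F "$1" "$2" 2>/dev/null |
        grep -i '^kexalgorithms ' |
        grep -q -- "$WEAK_KEX"
}

# report FILE NAME...: one line per name showing whether the override applies.
report() {
    cfg=$1; shift
    for name in "$@"; do
        if weak_kex_enabled "$cfg" "$name"; then
            echo "$name: $WEAK_KEX ENABLED"
        else
            echo "$name: default key exchange only"
        fi
    done
}

demo_cfg=$(mktemp)
# Block names only the FQDN: a URL that uses the IP address will not match it.
write_scoped_config "$demo_cfg" legacy.example.org
report "$demo_cfg" legacy.example.org 192.0.2.10 other.example.org
# Listing both spellings covers either form of the URL, and nothing else.
write_scoped_config "$demo_cfg" legacy.example.org 192.0.2.10
report "$demo_cfg" legacy.example.org 192.0.2.10 other.example.org
rm -f "$demo_cfg"

# To use such a file for a single clone (git 2.3+):
#   GIT_SSH_COMMAND="ssh -F /path/to/file" git clone ssh://user@legacy.example.org/myproject
```

Keeping the override in a `Host` block for the one legacy server, rather than under `Host *`, leaves every other connection on the client's default key exchange list.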