SSHing old devices : config snippet

Feb 18, 2026 by Thibault Debatty | 74 views

Sysadmin

https://cylab.be/blog/483/sshing-old-devices-config-snippet

SSH was created in 1995 by Tatu Ylönen, a researcher at the Helsinki University of Technology in Finland [1]. Over more than 30 years of existence, it has evolved to offer more security. But once in a while you may have to SSH into an older device that does not support modern SSH algorithms and mechanisms. This is typically the case to configure network devices like switches.

In such case SSH connection may fail with a laconic Unable to negotiate with 192.168.1.1 port 22. Here is a small config snippet to quickly fix the issue…

Config snippet

To allow older (and less secure) connection mechanisms for your device, add the following lines to ~/.ssh/config:

Host 192.168.1.1
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms +ssh-dss
    Ciphers +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

⚠ Don’t forget to modify 192.168.1.1 to match the IP or name of your device!

While modern SSH connections offer robust security, there are still instances where older devices may require less secure mechanisms to establish a connection. By adding these specific configuration lines to your SSH client’s configuration file, you can bypass compatibility issues and successfully SSH into these older devices. With this solution, you’ll be able to configure network devices like switches with ease, even when faced with legacy SSH limitations.

Going further

  1. https://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch01_05.htm

This blog post is licensed under CC BY-SA 4.0

How to Reset a Forgotten Root Password on Linux Distros

Linux Sysadmin

Jan 21, 2026 | 943 views
Move /home directory (or any other) to a dedicated partition

Linux Sysadmin

Jan 20, 2026 | 479 views
Configure client-server OpenVPN on OPNSense

Sysadmin

Dec 20, 2025 | 1597 views
This website uses cookies. More information about the use of cookies is available in the cookies policy.
Accept