no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 while accessing the TEA shell from ssh client
Article ID: KB0071468
Updated On:
| Products | Versions |
|---|---|
| TIBCO Enterprise Administrator (TEA) | - |
Description
Unable to negotiate with ::1 port 2222: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
In this case, the client and server were unable to agree on the key exchange algorithm. The server offered only a single method diffie-hellman-group1-sha1. OpenSSH supports this method, but does not enable it by default because is weak and within theoretical range of the so-called Logjam attack.
In this case, the client and server were unable to agree on the key exchange algorithm. The server offered only a single method diffie-hellman-group1-sha1. OpenSSH supports this method, but does not enable it by default because is weak and within theoretical range of the so-called Logjam attack.
Issue/Introduction
no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 while accessing the TEA shell from ssh client
Environment
ALL
Resolution
First, please upgrade your TEA to the highest version that still works with your BW/Adapter or other applications.
For the case of the above error message, OpenSSH can be configured to enable the diffie-hellman-group1-sha1 key exchange algorithm (or any other that is disabled by default) using the KexAlgorithms option - either on the
1. command-line:
------------
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost
------------
2. Or in the ~/.ssh/config file:
Uncomment the below line in the ssh_config file present under ~/.ssh/config (user's configuration) /etc/ssh/ (system-wide configuration)
------------
MACs hmac-md5,hmac-sha1,umac-64@openssh.com
------------
Add the below two lines at the end of the ssh_config file:
------------
HostkeyAlgorithms ssh-dss,ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1
------------
Please contact TIBCO support if you still have questions.
For the case of the above error message, OpenSSH can be configured to enable the diffie-hellman-group1-sha1 key exchange algorithm (or any other that is disabled by default) using the KexAlgorithms option - either on the
1. command-line:
------------
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost
------------
2. Or in the ~/.ssh/config file:
Uncomment the below line in the ssh_config file present under ~/.ssh/config (user's configuration) /etc/ssh/ (system-wide configuration)
------------
MACs hmac-md5,hmac-sha1,umac-64@openssh.com
------------
Add the below two lines at the end of the ssh_config file:
------------
HostkeyAlgorithms ssh-dss,ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1
------------
Please contact TIBCO support if you still have questions.
Additional Information
https://www.openssh.com/legacy.html
Feedback
Yes
No
Powered by
