top of page
  • Writer's pictureClifford McGraw Jr.

No matching key exchange method found

Updated: Dec 28, 2023

Work Story

At work we recently replaced a switch with a brand new out of the box switch. One of the guys on my team updated the configuration and OS on the switch. I plugged the new switch in the place of the old switch and connected everything that goes to the switch, and nothing worked right.


  1. It's one of two switches in a VLT pair and they were both coming up "standalone"

  2. When we'd ssh to the switch we'd get the "No matching key exchange method found" message.


  1. Upload the correct OS on the switch which had VLT features and the correct sha-256 algorithms.

In the meantime there were two ways to get around the fact that we could only use sha-1 algorithms, edit the ssh_config file or specify the algorithm you want ssh to use when typing out the ssh command.

Here's how to specify the algorithm when typing the ssh command

Type command below. Keep in mind, you can use whatever algorithm is being requested in place of the algorithm I used.

ssh -o KexAlgorithms=diffie-hellman-group-exchange-sha1 username@hostname

Here's how to edit the ssh_config file.

Open ssh_config file in text editor of your choice.

The command below opens it in Vim.

sudo vim /etc/ssh/ssh_config

Locate this line

# MACs hmac-md5,hmac-sha1,,hmac-ripemd160

Remove # and insert the below encryption in between hmac-sha1, and

The line should look like this afterward. You may be able to paste this line in place of the other one (I would just type it in, but do you.)

   MACs hmac-md5,hmac-sha1,hmac-sha2-256,,hmac-ripemd160

Remove # from this line

# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc

Paste the following at the bottom of the file.

HostkeyAlgorithms ssh-dss,ssh-rsa 
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1

Save file and try to SSH to the device that had problems.

bottom of page