This error occurs when your SSH client and the remote SSH server cannot agree on a common encryption cipher. Modern SSH clients disable older, weaker ciphers by default for security, causing connections to legacy servers to fail.
SSH requires both the client and server to support at least one common encryption cipher to secure the connection. When they cannot find a matching cipher, negotiation fails. This typically happens when connecting to older servers or legacy network equipment that only supports deprecated encryption algorithms that modern SSH clients have disabled by default for security reasons.
Use ssh -v hostname to enable verbose output and see which ciphers the server advertises. Look for "server host key algorithms:" or "offer:" in the output to identify available ciphers.
ssh -v user@hostname
The error message often includes "Their offer: xyz", which lists the ciphers the server is willing to use.
For a one-time connection, use the -o Ciphers option to explicitly enable an old cipher:
ssh -o Ciphers=+aes128-cbc user@hostname
Replace aes128-cbc with the cipher your server offers. The + prefix appends this cipher to the client's default list, so the modern ciphers stay enabled.
Edit your ~/.ssh/config file (create it if it does not exist) and add a Host section for the legacy server:
Host legacy-server
HostName hostname.example.com
User username
Ciphers +aes128-cbc,aes256-cbc,3des-cbc
KexAlgorithms +diffie-hellman-group1-sha1
Replace legacy-server with a memorable alias and hostname.example.com with the actual hostname. Add only the ciphers that the server actually supports (those listed in the ssh -v output).
Then connect using the alias:
ssh legacy-server
After configuring, test the SSH connection:
ssh user@hostname
If successful, you should be prompted for a password or key-based authentication. If it still fails, double-check that the cipher names match the server's offer exactly (they are case-sensitive).
The best solution is to upgrade the SSH server on the remote machine to a modern version that supports current ciphers. If you control the remote server:
# On the remote server
sudo apt update && sudo apt upgrade openssh-server # Debian/Ubuntu
sudo yum update openssh-server # RHEL/CentOS
After upgrading, you can remove the legacy cipher configuration from your SSH config and use the standard secure ciphers.
SSH cipher negotiation uses a preference list. Your client sends its supported ciphers in order of preference, and the server picks the first one in that list it also supports. If the two lists have no cipher in common, negotiation fails with this error.
Legacy ciphers like 3des-cbc and aes128-cbc are weak by modern standards (CBC-mode ciphers and 3DES have known weaknesses), so enable them only for legacy systems you trust, and enable only the specific ones the server needs. Always prefer upgrading the server when possible.
For network equipment like Cisco switches, a firmware update may be required rather than a simple SSH server upgrade. If the server supports newer ciphers but your client is outdated, use a newer SSH client (OpenSSH 7.4+). Some systems use restricted SSH shells that disable certain ciphers; contact the administrator if you cannot modify the client-side configuration.
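As an added example (not from the original article), the POSIX shell script below automates the checks described above: it pulls the server's list out of the "Their offer:" error line, intersects it with the ciphers the client was built with (what ssh -Q cipher prints), flags the legacy families, and produces the narrowest Ciphers=+ override. The error line and client list embedded in it are constructed samples; in real use, pass the pasted error text and the actual ssh -Q cipher output.

```shell
#!/bin/sh
# Added example, not from the article; the error line and client cipher list are constructed.
SAMPLE_ERROR='Unable to negotiate with 192.0.2.10 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes256-cbc'
SAMPLE_CLIENT='3des-cbc
aes128-cbc
aes256-cbc
aes128-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com'

# Pull the comma-separated server list out of the error line.
extract_offer() {
    printf '%s\n' "$1" | sed -n 's/.*Their offer: *//p' | tr -d ' '
}

# Ciphers present in both the server offer ($1, comma-separated) and the client
# list ($2, newline-separated), printed one per line in the server's order.
common_ciphers() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r c; do
        if printf '%s\n' "$2" | grep -qx -- "$c"; then printf '%s\n' "$c"; fi
    done
}

# CBC-mode, 3DES, RC4 and Blowfish are the families modern clients disable by default.
is_legacy() {
    case "$1" in
        *-cbc|3des-*|arcfour*|blowfish*) return 0 ;;
        *) return 1 ;;
    esac
}

# When this error appears, nothing the server offers is in the client's default set,
# so the smallest change is to enable exactly one offered cipher. Prefer an AES
# variant over 3DES; print nothing and fail if the client cannot speak any of them.
ciphers_option() {
    overlap=$(common_ciphers "$1" "$2")
    for c in $overlap; do
        case "$c" in 3des-*) ;; *) printf 'Ciphers=+%s\n' "$c"; return 0 ;; esac
    done
    first=$(printf '%s\n' "$overlap" | head -n 1)
    [ -n "$first" ] || return 1
    printf 'Ciphers=+%s\n' "$first"
}

# Real use: ciphers_option "$(extract_offer "<pasted error line>")" "$(ssh -Q cipher)"
offer=$(extract_offer "$SAMPLE_ERROR")
common_ciphers "$offer" "$SAMPLE_CLIENT" | while IFS= read -r c; do
    if is_legacy "$c"; then echo "$c (legacy)"; else echo "$c"; fi
done
ciphers_option "$offer" "$SAMPLE_CLIENT"
```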