SSH client and server have incompatible encryption algorithms (ciphers). Modern SSH clients disable weak legacy ciphers by default, causing connections to older servers to fail. Fix by enabling legacy ciphers in your client configuration.
This error occurs when your SSH client and the remote server cannot agree on a common encryption algorithm (cipher) to use for the connection. Modern SSH implementations (OpenSSH 7.6+) disabled older, weaker ciphers like 3des-cbc and aes128-cbc by default for security reasons. However, many legacy systems and devices still only support these older ciphers. When your client cannot find any cipher that both sides support, the connection is refused with this fatal error.
Run this command to see what encryption algorithms your SSH client supports:
ssh -Q cipher
Also check what the server advertises by attempting to connect with verbose output:
ssh -v username@server.example.com 2>&1 | grep cipher
Look for lines showing "Their offer:" followed by a list of ciphers.
If you need to connect immediately, specify a cipher that both client and server support:
ssh -c aes128-cbc username@server.example.com
If that fails, try other common legacy ciphers:
ssh -c 3des-cbc username@server.example.com
You may also need to specify legacy key exchange algorithms:
ssh -c aes128-cbc -o KexAlgorithms=+diffie-hellman-group1-sha1 username@server.example.com
For a permanent fix, edit your SSH client configuration file. Add a host-specific block to ~/.ssh/config (user) or /etc/ssh/ssh_config (system-wide):
Host legacy-server
    HostName server.example.com
    User username
    Ciphers +aes128-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms +ssh-dss
The + prefix appends these algorithms to the default list rather than replacing it. Replace legacy-server with a memorable alias, and adjust the hostname, user, and algorithms to match what the server supports.
Test your SSH config changes without connecting:
ssh -G legacy-server | grep cipher
This shows what ciphers will be used. Then test the actual connection:
ssh legacy-server
If it still fails, verify you used the correct cipher name and that the server actually supports it.
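As an added example (not from the original article), the following POSIX shell script automates the diagnosis above: it parses the "Their offer:" line from a constructed ssh -v failure, intersects it with a constructed ssh -Q cipher list, and picks the value to pass to ssh -c, preferring a non-CBC cipher when the server offers one. The address 192.0.2.10 and username@server.example.com are placeholders.

```shell
# Added example, not from the original article: parse the "Their offer:" line
# from a failed `ssh -v` run, intersect it with `ssh -Q cipher`, and pick the
# cipher for `ssh -c`, preferring a non-CBC cipher when the server offers one.
# Constructed sample of the failure output from `ssh -v host 2>&1`.
SAMPLE_VERBOSE='debug1: SSH2_MSG_KEXINIT received
Unable to negotiate with 192.0.2.10 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc'
# Constructed stand-in for `ssh -Q cipher` on a modern OpenSSH client.
SAMPLE_CLIENT_CIPHERS='3des-cbc
aes128-cbc
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com'
# Server's offered ciphers, one per line.
their_offer() {
    printf '%s\n' "$1" | sed -n 's/.*Their offer: *//p' | tr ',' '\n'
}
# Ciphers in both the offer and the client list, in the server's order.
common_ciphers() {
    their_offer "$1" | while IFS= read -r c; do
        printf '%s\n' "$2" | grep -qxF -- "$c" && printf '%s\n' "$c"
    done
}
# Legacy = CBC mode or an obsolete family; modern clients disable these.
is_legacy() {
    case "$1" in *-cbc|3des*|arcfour*|blowfish*|cast128*) return 0 ;; esac
    return 1
}
# Print the cipher to use. Returns 0 for a modern cipher, 2 if only a
# legacy cipher is shared, 1 if nothing is in common.
pick_cipher() {
    common=$(common_ciphers "$1" "$2")
    modern=$(printf '%s\n' "$common" | while IFS= read -r c; do
        is_legacy "$c" || printf '%s\n' "$c"
    done | head -n 1)
    if [ -n "$modern" ]; then printf '%s\n' "$modern"; return 0; fi
    legacy=$(printf '%s\n' "$common" | head -n 1)
    [ -n "$legacy" ] || return 1
    printf '%s\n' "$legacy"
    return 2
}
status=0
cipher=$(pick_cipher "$SAMPLE_VERBOSE" "$SAMPLE_CLIENT_CIPHERS") || status=$?
case $status in
    0) echo "ssh -c $cipher username@server.example.com" ;;
    2) echo "ssh -c $cipher username@server.example.com  # legacy: scope to one Host in ~/.ssh/config" ;;
    *) echo "no common cipher: the server needs an SSH update" ;;
esac
```

On the constructed sample the only shared ciphers are CBC ones, so the script reports aes128-cbc with status 2, the signal to confine it to a Host block rather than enable it globally.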
The ultimate fix is to upgrade SSH on the remote server to a modern version that supports current encryption standards. Weak ciphers are disabled by default because they pose security risks:
- 3des-cbc: Triple DES is slow and can be vulnerable to attacks
- aes128-cbc: CBC mode has known timing vulnerabilities
- diffie-hellman-group1-sha1: Weak key exchange susceptible to Logjam attacks
- ssh-dss (DSA): Deprecated since OpenSSH 7.0, planned for complete removal in 2025
If the server is a vendor device (router, switch, storage), contact support for firmware updates. If it's a server you control, update OpenSSH as soon as possible.
For server administrators: If you manage the SSH server, ensure it supports modern algorithms. Update /etc/ssh/sshd_config to include at least one modern cipher such as chacha20-poly1305@openssh.com or aes256-gcm@openssh.com. Use sshd -T | grep ciphers to verify your configuration. For embedded systems or specialized hardware that only supports legacy ciphers, consider using an SSH bastion host or jump server running a newer SSH version as an intermediary.
Security note: Enabling legacy ciphers creates a security risk. Only enable them for systems you trust and that you plan to upgrade. Do not use legacy algorithms for internet-facing servers or sensitive data.