Some encryption algorithms are now considered weak and breakable. New machines running newer versions of ssh and scp will generally disallow these older algorithms.
So if you are logged into the Linux shell on a newer machine such as aqua-new.rahul.net, and try to do an ssh to or scp to/from to some other machine that is very old, the connection may abort with an error message. The error message will typically contain a phrase similar to “no matching key exchange method”.
You can ask ask scp or ssh on the new machine to downgrade its security to allow connecting to an old server. To achieve this, create a file called ~/.ssh/config (by which we mean a file called
config inside a directory called
.ssh inside your home directory) and into that put entries like the ones shown below, one for each remote machine to which you want to make a downgraded less secure connection.
Both ssh and scp will consult this file and will then make a less secure connection to each listed machine.
Please use copy-and-paste from below to prevent typographical errors.
# This file is: ~/.ssh/config # downgraded less secure connection to machine xxx.example.com Host xxx.example.com Hostname xxx.example.com KexAlgorithms +diffie-hellman-group1-sha1 HostKeyAlgorithms +ssh-dss Ciphers +aes128-cbc # downgraded less secure connection to machine yyy.example.com Host yyy.example.com Hostname yyy.example.com KexAlgorithms +diffie-hellman-group1-sha1 HostKeyAlgorithms +ssh-dss Ciphers +aes128-cbc''