How to include key exchange algorithms required to connect to router using OpenSSH client?

Question

With OpenSSH_8.9p1 for Windows, I'm trying to connect to a NuCom router NC-WR764TGV:

ssh user@192.168.1.1

Output:

Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found.
Their offer: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2@matt.ucc.asn.au

Thus I tried:

ssh user@192.168.1.1 -oKexAlgorithms=+diffie-hellman-group1-sha1

Output:

Unable to negotiate with 192.168.1.1 port 22: no matching host key type found.
Their offer: ssh-rsa

Then:

ssh user@192.168.1.1 -oKexAlgorithms=+diffie-hellman-group1-sha1,+ssh-rsa    

Output:

Unsupported KEX algorithm "ssh-rsa" command-line line 0: Bad SSH2 KexAlgorithms '+ssh-rsa'.

With ssh on my linux clients I had identical results. How can I talk to this router?

Answer 1

"ssh-rsa" is not a key exchange algorithm – it is a public-key signature algorithm and goes in the HostKeyAlgorithms and/or PubkeyAcceptedAlgorithms lists (the former to accept RSA-SHA1 signatures from the server during host verification, the latter to send RSA-SHA1 signatures to the server during user pubkey authentication)

(Note also that the + or - flags can only be specified once for the entire list – they are not repeated for individual items.)

For really ancient devices that OpenSSH no longer supports, use the plink SSH client from PuTTY.