Cannot ssh. "no matching key exchange method found"

j0hn · June 29, 2025, 10:55am

Hi,

I’m a bit of a newbie at this but I’ve previously been able to ssh into my HAOS system but recently it comes up with the error:

Unable to negotiate with 192.168.68.108 port 22: no matching key exchange method found. Their offer: mlkem768x25519-sha256,sntrup761x25519-sha512,[email protected],ext-info-s,[email protected]

HAOS is running on a laptop that is connected via Wi-Fi. I can access home assistant and have the Advanced SSH & web terminal Add on installed so I can access the terminal. But I cannot figure out why it wont let me connect from my windows command line on the same network.

I have a RaspberryPi and an OrangePi on the same network and I can SSH into both of those just fine.

Any help or suggestions would be greatly appreciated.

WallyR · June 29, 2025, 11:00am

It is yelling you that none of the encryption methods used on the client match the ones used on the server, so they can not agree to on one to talk through.

What client are you using?

j0hn · June 29, 2025, 11:04am

I was using windows command Prompt but also doesn’t work on an SSH app on my phone.

WallyR · June 29, 2025, 11:06am

Try putty instead

j0hn · June 29, 2025, 11:10am

Thank you so much that worked.

Strange that it was working before though.

Thanks for your help.

j0hn · June 29, 2025, 11:15am

It would be good to know why it stopped working in the first place.

During some research I got to the ssh_config file which looks like this:

#Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,[email protected]
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k

HostKeyAlgorithms -ecdsa-sha2-nistp256,[email protected],ecdsa-sha2-nistp384,[email protected]>
KexAlgorithms -diffie-hellman-group14-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
MACs -hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,[email protected],[email protected],[email protected]

But again I’m not sure if anything is wrong here.

francisp · June 29, 2025, 11:54am

Did you recently update the Advanced SSH & web terminal Add on ?

j0hn · June 29, 2025, 12:03pm

Yes I did 2 days ago which I think is the reason it’s not working now.

I will raise an issue on the Github page.

j0hn · June 29, 2025, 12:10pm

https://github.com/hassio-addons/addon-ssh/issues/904

Seems like they changed the KEX limitations.

WallyR · June 29, 2025, 12:55pm

No reason to raise an issue on GitHub.
The change is intended and working as it should.
Over time some encryption algorithms will be too weak due to increases in general computing power or due to discovered security holes and these will therefore be disabled in updates.

Beerden · June 30, 2025, 12:46am

This got me too. I used to be able to ssh as hassio, but I updated the Advanced SSH & Web terminal add on, and now that my SSL certificate has expired my TrueNAS cron script that fetches a new cert can’t ssh copy it over to Home Assistant.
Now I have no way to manually update the certificate because SSH does not work and Home Assistant is refusing local access too.
WAF is plummeting, thanks a lot Advanced SSH & Web terminal add on. Maybe I forgot to read “Breaking” in the release notes.

WallyR · June 30, 2025, 6:56am

The addon works.
Your client does not, because it is outdated.

There might be a way to lower the standards or copy the certificate.
Have you read the documentation?

Ellcon · June 30, 2025, 7:40am

In Configuration settings, compatibility_mode: true.

Beerden · June 30, 2025, 1:21pm

It appears to break many common ssh configurations according to comments on that issue.

The applied pull request that added Key Exchange limitations to disable weaker KEX, and change the moduli primes filter in the docker build from >=3071 bits to >=3072 bits,

github.com/hassio-addons/addon-ssh

Fix ssh-audit hardenings

main ← scop:fix/ssh-audit

opened 08:31AM - 24 May 25 UTC

scop

+6 -1

# Proposed Changes Brings current ssh-audit output green again, and adds an a…dditional moduli hardening per their recommendations. ``` # algorithm recommendations (for OpenSSH 9.9) (rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 3072 bits or larger) (rec) -curve25519-sha256 -- kex algorithm to remove (rec) [email protected] -- kex algorithm to remove (rec) -diffie-hellman-group16-sha512 -- kex algorithm to remove (rec) -diffie-hellman-group18-sha512 -- kex algorithm to remove ``` ## Summary by CodeRabbit ## Summary by CodeRabbit - **Security Improvements** - Enhanced SSH configuration by restricting the moduli file to use stronger cryptographic parameters. - Broadened the list of disallowed SSH key exchange algorithms to improve security.

So this means those of us who were living on the edge of secure will be updating the ssh tools and keys on the various devices to comply - at least until the next security audit.

Starmina · June 30, 2025, 11:00pm

github.com/hassio-addons/addon-ssh

KEX limitations too strong

opened 04:23AM - 28 Jun 25 UTC

VlastiBroucek

IMHO, limiting KEX to only `mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup7…[email protected],ext-info-s,[email protected]` is extremely strict, severely restricting users on windows machines. Even latest OpenSSH preview for windows is useless: ``` PS C:\Program Files\OpenSSH> .\ssh.exe -V OpenSSH_for_Windows_9.8p2 Win32-OpenSSH-GitHub, LibreSSL 4.0.0 PS C:\Program Files\OpenSSH> .\ssh.exe -Q kex diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256 [email protected] ``` It's nice to get green on audit, but...

Yeah, no. According to the discussion on this issue, new restrictions are waaaay too strong.

WallyR · July 1, 2025, 7:09am

It is like that with every move on this subject and the terms is set by the OpenSSH team, which do not back down.
SSH is a security app, so security will be first priority.

isoutham · July 1, 2025, 7:39am

This is imply not true. My client is not outdated and, I have this problem too.
This is a list optimised for Putty users.

For instance:

curve25519-sha256
[email protected]

Are gone and, both of these are perfectly safe to use.

isoutham · July 1, 2025, 7:42am

It is simply checkbox security. They want to get a green audit and, I am not against that but, they have removed cyphers that would not have prevented this.

WallyR · July 1, 2025, 12:06pm

It is not optimized for putty users.
Putty just happens to follow the same standards released by OpenSSL, which many other vendors does.
If your client does not have these algorithms installed, then it is outdated, even though it might be the newest from the vendor. The vendor have just not followed up with his algorithm libraries.

I have no idea why curve25519-sha256 is not in the list anymore, if it have been in the past.
I could only find an issue with an implementation that had a security hole, but if that implementation was use so widespread that it warranted a removal, I do not know.

WallyR · July 1, 2025, 12:06pm

They follow the standards from OpenSSL.