This articles is published 292 days ago and last updated 277 days ago, some information may be out of date.

Fixing Key Exchange and Cipher Issues on Cisco SG300-10P Switch


Problem of SSH

Here is the "No Matching Key Exchange Method Found" error on your Cisco SG300-10P switch.

When attempting to establish an SSH connection with the following command:

ssh [email protected]
In This Case
Login NameSwitch IP

An error is encountered due to incompatible key exchange and cipher methods:

Unable to negotiate with port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

Unable to negotiate with port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,arcfour,aes192-cbc,aes256-cbc


To resolve the issue, create a new SSH configuration file and restart the SSH service:

  1. Run the following command to create a new configuration file, cisco_sg300.conf, in the /etc/ssh/ssh_config.d/ directory:

    sudo bash -c 'cat > /etc/ssh/ssh_config.d/cisco_sg300.conf << EOF
    HostkeyAlgorithms ssh-dss,ssh-rsa
    KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc

OR minimum algorithms to be compatible with more devices.

sudo cat > /etc/ssh/ssh_config.d/cisco_sg300.conf << EOF
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
HostKeyAlgorithms +ssh-rsa
Ciphers +aes128-cbc
  1. Restart the SSH service for the changes to take effect:

    sudo systemctl restart ssh.service



Encountering errors such as "No Matching Key Exchange Method Found" and "No Matching Cipher Found" on your Cisco SG300-10P Network Switch can be frustrating, but they can be resolved with a few simple steps.