Share

Question

I have created an Ubuntu droplet (via Laravel Forge if that matters) and am trying to remote connect to MySql using Navicat. I have installes by SSH key and am able to connect via SSH. I am also able to log into MySql on the server once I am logged in.

However when I try to remote-connect to MySql using SSH tunnel, the response I get from Navicat is

80070007: SSH Tunnel: Server does not support diffie-hellman-group1-sha1 for 
keyexchange

Is there anything I am missing?

Accepted Answer

JNZ July 26, 2016

Accepted Answer

Ok, here is the solution:

Enable the correct Kex:

sudo nano /etc/ssh/sshd_config

append with these lines to ensure correct digest:

KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr

Regenerate all keys:

ssh-keygen -A

Credit goes here

and then restart ssh service:

sudo service ssh restart

After these steps you would need to update your local known_hosts file, as the SSH key has changed.
Say, your Digital Ocean droplet IP is 255.255.222.211.

Locate it in ~.ssh/known_hosts and remove the line that begins with this 255.255.222.111.

In a new shell window test you can connect to your instance!

Next time you log in you will be asked to add the host to known hosts again.

Reply

Answer 2

morethanthesky June 22, 2017

Hey, thank you for posting this. It saved me a ton of time.

Reply

Share

Share your Question

Server does not support diffie-hellman-group1-sha1 for keyexchange

Leave a Comment

Related Questions

Almost there!

Report a Bug