Server does not support diffie-hellman-group1-sha1 for keyexchange

  • Posted on July 26, 2016
  • MySQL
  • JNZAsked by JNZ

I have created an Ubuntu droplet (via Laravel Forge if that matters) and am trying to remote connect to MySql using Navicat. I have installes by SSH key and am able to connect via SSH. I am also able to log into MySql on the server once I am logged in.

However when I try to remote-connect to MySql using SSH tunnel, the response I get from Navicat is

80070007: SSH Tunnel: Server does not support diffie-hellman-group1-sha1 for 

Is there anything I am missing?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Ok, here is the solution:

  1. Enable the correct Kex:
sudo nano /etc/ssh/sshd_config

append with these lines to ensure correct digest:

KexAlgorithms diffie-hellman-group1-sha1,,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr

Regenerate all keys:

ssh-keygen -A

Credit goes here

and then restart ssh service:

sudo service ssh restart

After these steps you would need to update your local known_hosts file, as the SSH key has changed. Say, your Digital Ocean droplet IP is

Locate it in ~.ssh/known_hosts and remove the line that begins with this

In a new shell window test you can connect to your instance!

Next time you log in you will be asked to add the host to known hosts again.


ssh-keygen -A command gives below error… ssh-keygen: illegal option – A usage: ssh-keygen [options] Options: -a trials Number of trials for screening DH-GEX moduli. -B Show bubblebabble digest of key file. -b bits Number of bits in the key to create. -C comment Provide new comment. -c Change comment in private and public key files. -D pkcs11 Download public key from pkcs11 token. -e Convert OpenSSH to RFC 4716 key file. -F hostname Find hostname in known hosts file. -f filename Filename of the key file. -G file Generate candidates for DH-GEX moduli. -g Use generic DNS resource record format. -H Hash names in known_hosts file. -h Generate host certificate instead of a user certificate. -I key_id Key identifier to include in certificate. -i Convert RFC 4716 to OpenSSH key file. -L Print the contents of a certificate. -l Show fingerprint of key file. -M memory Amount of memory (MB) to use for generating DH-GEX moduli. -N phrase Provide new passphrase. -O option Specify a certificate option. -P phrase Provide old passphrase. -p Change passphrase of private key file. -q Quiet. -R hostname Remove host from known_hosts file. -r hostname Print DNS resource record. -S start Start point (hex) for generating DH-GEX moduli. -s ca_key Certify keys with CA key. -T file Screen candidates for DH-GEX moduli. -t type Specify type of key to create. -V from:to Specify certificate validity interval. -v Verbose. -W gen Generator to use for generating DH-GEX moduli. -y Read private key file and print public key. -Z name,… User/host principal names to include in certificate -z serial Specify a serial number.

Regards, S K Gupta

Hey, thank you for posting this. It saved me a ton of time.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel