$ ssh -v admin@cisco3 OpenSSH_6.6, OpenSSL 1.0.1g 7 Apr 2014 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to cisco3 [172.16.16.3] port 22. debug1: Connection established. debug1: identity file /home/coyote/.ssh/id_rsa type -1 debug1: identity file /home/coyote/.ssh/id_rsa-cert type -1 debug1: identity file /home/coyote/.ssh/id_dsa type -1 debug1: identity file /home/coyote/.ssh/id_dsa-cert type -1 debug1: identity file /home/coyote/.ssh/id_ecdsa type -1 debug1: identity file /home/coyote/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/coyote/.ssh/id_ed25519 type -1 debug1: identity file /home/coyote/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6p1-hpn14v4 debug1: Remote protocol version 2.0, remote software version Cisco-1.25 debug1: no match: Cisco-1.25 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: AUTH STATE IS 0 debug1: REQUESTED ENC.NAME is 'aes128-cbc' debug1: kex: server->client aes128-cbc hmac-md5 none debug1: REQUESTED ENC.NAME is 'aes128-cbc' debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP Connection closed by 172.16.16.3 CISCO: ssh 2 only seems like https://bugzilla.redhat.com/show_bug.cgi?id=1026430 with workaround, described in comment #2: ssh -o HostKeyAlgorithms=ssh-rsa,ssh-dss -o KexAlgorithms=diffie-hellman-group1-sha1 -o Ciphers=aes128-cbc,3des-cbc -o MACs=hmac-md5,hmac-sha1 <destination> all work.
Similar problem, but slightly different ending: debug2: peer server KEXINIT proposal debug2: KEX algorithms: diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa,ssh-dss debug2: ciphers ctos: aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc debug2: ciphers stoc: aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-md5 debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-md5 debug2: compression ctos: none debug2: compression stoc: none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: diffie-hellman-group1-sha1 debug1: kex: host key algorithm: ssh-rsa debug1: REQUESTED ENC.NAME is 'aes128-cbc' debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none debug1: REQUESTED ENC.NAME is 'aes128-cbc' debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none debug1: sending SSH2_MSG_KEXDH_INIT debug2: bits set: 520/1024 debug1: expecting SSH2_MSG_KEXDH_REPLY Connection reset by 192.168.1.1 port 22 net-misc/openssh-7.9_p1-r4 Dropbear sshd v0.50 on the other end. Workaround from the comment 0 works. On Fedora 29 it's working nearly out of the box just the KexAlgorithms +diffie-hellman-group1-sha1 is needed. On gentoo all the options from the workaround have to be used.