Network Administration: SSH connection errors when connecting to older Cisco devices

Background:

When connecting to older Cisco routers and switches (e.g. Cisco 2951, C3750G, C4948-10GE, etc.), it’s likely that you’ll encounter one or a combination of the following errors:

Unable to negotiate with <ip-address-of-the-device> port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Unable to negotiate with <ip-address-of-the-device> port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

Solution:

For the first error, run:

ssh -c aes256-cbc username@<ip-address-of-the-device>

For the second error, run:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c aes256-cbc username@<ip-address-of-the-device>