SSH does not accept legacy Diffie-Hellman kex algorithm after upgrading Red Hat Enterprise Linux to 7.4 or higher

Solution Verified - Updated -


  • Red Hat Enterprise Linux 7.3 or older ssh clients that are using the diffie-hellman-group-exchange-sha256 kex algorithm are rejected if the SSH server the client connects to is running Red Hat Enterprise Linux 7.4 or higher.


  • Red Hat Enterprise Linux 7.4 or higher
  • openssh-server-7.4p1-16.el7.x86_64 or higher

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In