Hi,

I am under the belief that the default setup (plugins) of Jenkins (2.17) listens for SSHD connections. It appears to default to an insecure key exchange algorithm. The by-pass is trivial, but unclear if its documented (in Jenkin's docs, I haven't found it.) Also, I haven't found anything mentioning the server side will be updated (another comment in docs might be good for that.)

user@ubuntu:~$ ssh -p 34213 admin@localhost version
Unable to negotiate with ::1 port 34213: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

user@ubuntu:~$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -p 34213 admin@localhost version
2.17

I might be missing information, but haven't found anything on this yet (aside from people doing the aforementioned workaround.)