As part of our ongoing efforts to ensure that both the Acquia platform and your websites remain reliable and secure, Acquia is restricting
sshd_configs to allow only secure Key Exchange Algorithms (KexAlgorithms) in the Acquia Cloud 1.90 release.
Why was this change made?
This change acts to constrain key exchanges between SSH clients and servers to strong algorithms in an effort to prevent man-in-the-middle attacks (such as Logjam).
Am I affected?
If you are using an outdated SSH client (particularly older SFTP and SCP clients), you may encounter connectivity issues after the Acquia Cloud 1.90 release. Using an SSH client that fails to meet these security requirements can display an error similar to the following:
server sshd: fatal: Unable to negotiate a key exchange method
Restoring your access
To restore your access, you will need to update your SSH client to a version that contains one of the accepted KexAlgorithms:
If you have any questions regarding this issue, contact Acquia Support.