Error when trying to run scp command -- unknown cipher type 'p'

Hi, I am trying to scp a file to a router running OpenWRT in order to restore the factory firmware.

However, I get an error when trying to run the command below :

$ scp -r -i /home/XXXXXX/.ssh/id_ed25519 -2 -scp -P 22 /home/XXXXXX/Téléchargements/firefox/FW_WRT32X_1.0.180404.58.img root@
Unknown cipher type 'p'
scp: Connection closed

Does anyone know how I can fix this ?

I’m basically following the scp example shown in the section “return to stock firmware”, here.

I can confirm that I can successfully ssh into the router.

$ ssh root@                                                                                                                                                                   

BusyBox v1.36.1 (2023-10-09 21:45:35 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 OpenWrt 23.05.0, r23497-6637af95aa


a few things:

… I have never used the “-i” parameter
… the option “-2” isn’t even mentioned in “man scp
… explicitly declaring the port seems … unnecessary

… when I do:
ssh root@
which is my (quite old) OpenWRT Router
it refuses to connect with:

Unable to negotiate with port 22: no matching host key type found. Their offer: ssh-rsa

so: they do not support what the default is here - and I have to allow for ssh-rsa locally to be able to connect.

You don’t seem to have that “problem” - you can simply connect.


If you can connect, you can transfer a file as well.

scp ./the_file root@
(aka: from this place here to that location there)
should be good enough

Adding to Nachlese, the option -scp also does not seem to be in the current man page. I’m no expert, but if it is being interpreted as -cp, this would mean to choose cipher p, which is consistent with the error message. According to OpenWrt’s page, -scp is supposed to force the use of the SCP protocol. It looks like the current way to do so is with the -O (uppercase letter O) option.

If you can ssh your router, can you try to just upload the file the same way?

scp /home/XXXXXX/Téléchargements/firefox/FW_WRT32X_1.0.180404.58.img root@

Thanks everyone for the replies and the help. Great community here.
I managed to get it working by replacing the two options -2 and -scp with a single -O option.
Probably would have worked equally well without the -i, -r and -P options, but I left them in anway.

Argh. Care to share what the full set of options was that did the trick? I’m encountering exactly the same problem with exactly the same error code.

I ended up using this command to SSH in:

ssh -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa -o KexAlgorithms=+diffie-hellman-group1-sha1

… but when I try the same options on “scp” it always produces the same ‘p’ unknown cipher error… Very frustrating.

I can connect to my OpenWRT router like this:

First what doesn’t work, with the following error message:

ssh root@
Unable to negotiate with port 22: no matching host key type found. Their offer: ssh-rsa

It works with this additional option to the command:

ssh -o HostKeyAlgorithms=+ssh-rsa root@
The authenticity of host ' (' can't be established.
RSA key fingerprint is SHA256:CpF6Io9GR0jnSWnnJu4hH4/d16dhTVbogIp0/5gSgeI.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '' (RSA) to the list of known hosts.
root@'s password: 

BusyBox v1.30.1 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 OpenWrt 19.07.4, r11208-ce6496d796

-o HostKeyAlgorithms=+ssh-rsa
is the only thing I need to add to the command
because this routers sshd does not support whatever the default key algorithms on modern Linux like Manjaro or Mint are

To scp copy a file to the routers /tmp directory:
scp -o HostKeyAlgorithms=+ssh-rsa /path/to/file root@

Mine is obviously a much older version of OpenWRT - the hardware is not the most recent.
It is an: AVM FRITZ!Box 7412 which I use to run Travelmate - I never bothered to keep it up to date since I installed and configured it.

Probably You know it, but you can also have “permanently” added that setting to SSH. In ~/.ssh/config You should add something like:

Host router
  User root
  HostKeyAlgorithms +ssh-rsa

After that, you can just run ssh router or scp /path/to/file router:/tmp

1 Like

Yes, I knew that - but I didn’t bother doing it - I very rarely need to ssh into the thing.
But now that you served me with the copy/paste ready solution, I was not going to let your effort go to waste. :smiley:
It works - of course!
Thank you! :man_bowing: