It has happened to me that I have to reboot a non-critical machine which is a DELL PE 2850. Of course with such old hardware it's iDRAC requires Internet Explorer 7 or something, and it has all the compromised ciphers that modern browsers don't allow. Fortunately for me, I also set up and enabled SSH on this iDRAC years ago. SSH is not so straightforward forward either, but with a little tinkering it finally let me in.
# ssh 192.168.3.20 Unable to negotiate with 192.168.3.20 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
So I added this old cipher to ssh once:
vpn# ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc email@example.com Unable to negotiate with 192.168.3.20 port 22: no matching host key type found. Their offer: ssh-dss
Another try with a different one finally let me in:
#ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -c 3des-cbc firstname.lastname@example.org The authenticity of host '192.168.3.20 (192.168.3.20)' can't be established. DSA key fingerprint is SHA256:kjGSLZzM7TshY8nW+6s90yD2gfebNMJOCwHn7ixm1yM. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '192.168.3.20' (DSA) to the list of known hosts. email@example.com's password: Permission denied, please try again. firstname.lastname@example.org's password: Dell Remote Access Controller 4/I (DRAC 4/I) Firmware Version 1.33 (Build 08.04) [root]#
Now I was able to reboot this machine with simple:
[root]# serveraction powercycle