Gentoo Archives: gentoo-user

From: Philip Webb <purslow@××××××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Ssh problem : half-solved
Date: Mon, 11 Mar 2019 05:41:32
Message-Id: 20190311054119.GA1934@ca.inter.net
In Reply to: Re: [gentoo-user] Ssh problem by Nils Freydank
190310 Nils Freydank wrote:
> On Sunday, 10 March 2019, 08:25:54 CET, Philip Webb wrote:
>> I updated Ssh yesterday :
>> [...]
>> ssh x.y.z
>> Unable to negotiate with 128.100.160.1 port 22: no matching key
>> exchange method found. Their offer:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> ssh tells you straight forward what the issue is:
> Within the key exchange at the beginning of the communication
> there was no way to establish a connection between server and client,
> probably because the client has a more secure setup than the server.
> This happens mostly due to old ssh versions serverside.

Yes, they mb a bit slow to upgrade.

> You can find solutions pretty fast
> by just searching for "Their offer: <key exchange offers>",
> e.g. https://unix.stackexchange.com/questions/340844/
> how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0

That forum contains a solution :

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 123.123.123.123

That gets me thro' & I can do my work there.

> Enable legacy and possibly less secure key exchange formats and ciphers
> only per server and not globally
> and if possible upgrade the SSH server version.

However, I've tried to insert an instruction in config files,
but nothing changes after a reboot.
I've tried adding to ~/.ssh/config & /etc/ssh/ssh_config :

Host 128.100.160.1
KexAlgorithms +diffie-hellman-group1-sha1

That is what seems to be required by 'man 5 ssh_config'.

Can anyone suggest what + where to tell Ssh to do it every time ?

>> 'x.y.z' disguises the site's URL, which doesn't seem to be a problem.
> That is indeed perfectly fine;
> you might want to hide the IP address in the future as well ;-)

Indeed (red face) : it was at the end of my day.
No point in trying to hide it now (wry smile).

--
========================,,============================================
SUPPORT ___________//___, Philip Webb
ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto
TRANSIT `-O----------O---' purslowatchassdotutorontodotca
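
Added example, not part of the original message and not OpenSSH code: ssh_config(5) matches `Host` patterns against the name typed on the command line (not the resolved address, unless hostname canonicalization is enabled) and uses the first value obtained for each keyword. The simplified model below applies just those two rules to a constructed config; `legacy.example.org` and the function names are hypothetical, and `Match` blocks are not modeled. On a real system, `ssh -G <name>` prints the effective options.

```python
import fnmatch
import re

# Constructed sample: the block from the message, a hostname-scoped
# variant (hypothetical name), and a catch-all block.
SAMPLE_CONFIG = """\
Host 128.100.160.1
    KexAlgorithms +diffie-hellman-group1-sha1

Host legacy.example.org
    KexAlgorithms +diffie-hellman-group1-sha1

Host *
    ServerAliveInterval 60
"""

def host_matches(patterns, name):
    """A matching negated (!) pattern vetoes the block; otherwise at
    least one positive pattern must match the command-line name."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(name, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(name, pat):
            matched = True
    return matched

def effective_options(config_text, cli_name):
    """Return {keyword: value} for the name typed after `ssh`."""
    options, active = {}, True  # lines before any Host apply to all
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or one '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1]
        if keyword == "host":
            active = host_matches(value.split(), cli_name)
        elif active:
            options.setdefault(keyword, value)  # first value wins
    return options

if __name__ == "__main__":
    for name in ("128.100.160.1", "legacy.example.org", "other.example.org"):
        print(name, effective_options(SAMPLE_CONFIG, name).get("kexalgorithms"))
```

Scoping the legacy algorithm to one `Host` block, placed before any `Host *` block that also sets `KexAlgorithms`, keeps it off for every other server.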

Replies

Subject Author
Re: [gentoo-user] Ssh problem : half-solved Mick <michaelkintzios@×××××.com>
Re: [gentoo-user] Ssh problem : half-solved Neil Bothwick <neil@××××××××××.uk>