| 1 |
On Mon, 11 Mar 2019 08:43:52 +0000, Mick wrote: |
| 2 |
|
| 3 |
> > Try without the +, that works for me here. I have an appliance that |
| 4 |
> > uses outdated algorithms and this config works for me |
| 5 |
> > |
| 6 |
> > Host 1.2.3.4 |
| 7 |
> > Ciphers 3des-cbc |
| 8 |
> > KexAlgorithms diffie-hellman-group1-sha1 |
| 9 |
> > HostKeyAlgorithms ssh-dss |
| 10 |
> |
| 11 |
> As I understand it the "+" merely adds one more cipher to the |
| 12 |
> collection. This is probably safer. If the server has been updated and |
| 13 |
> non-legacy key exchange algorithms are now available they can be used. |
| 14 |
> Without "+" the directive for the client is exclusive: only use this |
| 15 |
> algorithm and nothing else. |
| 16 |
|
| 17 |
That's how I read it, but it says it appends to the list, so this is the |
| 18 |
last option tried, while an earlier one could possibly be triggering the |
| 19 |
failure. With + would be better, but it would be worth trying without. |
| 20 |
|
| 21 |
|
| 22 |
-- |
| 23 |
Neil Bothwick |
| 24 |
|
| 25 |
"" " """ " "" " """ <-- random quotes |
Archives