| 1 |
Hi Philip, |
| 2 |
|
| 3 |
Am Sonntag, 10. März 2019, 08:25:54 CET schrieb Philip Webb: |
| 4 |
> I updated Ssh yesterday : |
| 5 |
> [...] |
| 6 |
> ssh x.y.z |
| 7 |
> Unable to negotiate with 128.100.160.1 port 22: no matching key |
| 8 |
> exchange method found. Their offer: |
| 9 |
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 |
| 10 |
ssh tells you straight forward what the issue is: Within the key exchange |
| 11 |
at the begin of the communication there was no way to establish a |
| 12 |
connection between the server and the client, probably because the client |
| 13 |
has a more secure setup than the server. This happens mostly due to old ssh |
| 14 |
versions serverside. |
| 15 |
|
| 16 |
You can find solutions pretty fast by just searching for "Their offer: <key |
| 17 |
exchange offers>", e.g. https://unix.stackexchange.com/questions/340844/ |
| 18 |
how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0 |
| 19 |
|
| 20 |
(Please enable legacy and possible less secure key exchange formats and |
| 21 |
ciphers only per server and not globally - and if possible upgrade the SSH |
| 22 |
server version.) |
| 23 |
|
| 24 |
> 'x.y.z' disguises the site's URL, which doesn't seem to be a problem. |
| 25 |
That is indeed perfectly fine; you might want to hide the IP address in the |
| 26 |
future aswell ;-) |
| 27 |
|
| 28 |
|
| 29 |
Greetings, |
| 30 |
Nils |
| 31 |
|
| 32 |
-- |
| 33 |
GPG fingerprint: '00EF D31F 1B60 D5DB ADB8 31C1 C0EC E696 0E54 475B' |
| 34 |
Nils Freydank |
Archives