1 |
Hi Philip, |
2 |
|
3 |
Am Sonntag, 10. März 2019, 08:25:54 CET schrieb Philip Webb: |
4 |
> I updated Ssh yesterday : |
5 |
> [...] |
6 |
> ssh x.y.z |
7 |
> Unable to negotiate with 128.100.160.1 port 22: no matching key |
8 |
> exchange method found. Their offer: |
9 |
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 |
10 |
ssh tells you straight forward what the issue is: Within the key exchange |
11 |
at the begin of the communication there was no way to establish a |
12 |
connection between the server and the client, probably because the client |
13 |
has a more secure setup than the server. This happens mostly due to old ssh |
14 |
versions serverside. |
15 |
|
16 |
You can find solutions pretty fast by just searching for "Their offer: <key |
17 |
exchange offers>", e.g. https://unix.stackexchange.com/questions/340844/ |
18 |
how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0 |
19 |
|
20 |
(Please enable legacy and possible less secure key exchange formats and |
21 |
ciphers only per server and not globally - and if possible upgrade the SSH |
22 |
server version.) |
23 |
|
24 |
> 'x.y.z' disguises the site's URL, which doesn't seem to be a problem. |
25 |
That is indeed perfectly fine; you might want to hide the IP address in the |
26 |
future aswell ;-) |
27 |
|
28 |
|
29 |
Greetings, |
30 |
Nils |
31 |
|
32 |
-- |
33 |
GPG fingerprint: '00EF D31F 1B60 D5DB ADB8 31C1 C0EC E696 0E54 475B' |
34 |
Nils Freydank |