| 1 |
On 11/3/19 5:23 pm, Philip Webb wrote: |
| 2 |
> 190311 Neil Bothwick + Mick wrote: |
| 3 |
> NB> Try without the +, that works for me here. I have an appliance |
| 4 |
>> that uses outdated algorithms and this config works for me |
| 5 |
>> Host 1.2.3.4 |
| 6 |
>> Ciphers 3des-cbc |
| 7 |
>> KexAlgorithms diffie-hellman-group1-sha1 |
| 8 |
>> HostKeyAlgorithms ssh-dss |
| 9 |
> I tried adding the 2 extra lines to ~/.ssh/config , but no joy. |
| 10 |
> I didn't reboot, but it's not clear that that would make any difference. |
| 11 |
> |
| 12 |
> M> As I understand it the "+" merely adds one more cipher to the collection. |
| 13 |
>> This is probably safer. If the server has been updated |
| 14 |
>> and non-legacy key exchange algorithms are now available they can be used. |
| 15 |
>> Without "+" the directive for the client is exclusive : |
| 16 |
>> only use this algorithm and nothing else. |
| 17 |
> That's what the 'man' says. |
| 18 |
> |
| 19 |
> NB> That's how I read it, but it says it appends to the list, |
| 20 |
>> so this is the last option tried, |
| 21 |
>> while an earlier one could possibly be triggering the failure. |
| 22 |
>> With + would be better, but it would be worth trying without. |
| 23 |
> I tried both & neither gets Ssh to recognise the config. |
| 24 |
> |
| 25 |
> This is a puzzle : are they any other suggestions ? |
| 26 |
> |
| 27 |
This works for me (ancient Cisco ...) |
| 28 |
|
| 29 |
rattus ~ # cat ~/.ssh/config |
| 30 |
Host 192.168.44.1 |
| 31 |
KexAlgorithms +diffie-hellman-group1-sha1 |
| 32 |
Host ghost |
| 33 |
KexAlgorithms +diffie-hellman-group1-sha1 |
| 34 |
|
| 35 |
Which file are putting it in? - this is the client side user. |
Archives