Harry Putnam <rea...@newsguy.com> writes: > I'm not at all clear on how one would go about making an adjustment in > sshd_config to allow the algs used by my REMOTE-sol to be recognized. > > REMOTE-sol does not appear to be using OpenSSH .. maybe a solaris > version of SSH. > > In light of the comments above; if you have any more info on this and > have the time... please post.
I managed to get a bit of a solution after careful study of the error output and man sshd_config (Largely from being guided by your post) It shows the default kex algorithems and the possible kex alg. I thought of just adding one that matched the list of my clients available choices to sshd_config on REMOTE-deb like so: KexAlgorithms diffie-hellman-group-exchange-sha1 Then restart sshd. That works, but I was afraid that might mean the defaults would be dropped and only `diffie-hellman-group-exchange-sha1' would be offered. I was afraid that might cause failure on some other hosts. It was not clear to me from `man sshd_config' just how exactly to do this. I finally opted for listing all the defaults + diffie-hellman-group-exchange-sha1 Like this (in REMOTE-deb /etc/ssh/sshd_config): KexAlgorithms curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 That also works. Now, since debian chose to follow the new upstream sshd defaults and limits due to `UNSAFE' alg. I'm wondering if by adding one of those discarded algs back in there... I may be creating a security hole. The REMOTE-deb host is exposed to ssh via the internet... not just through the lan. Any opinions on what I may have created? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87mw7dh8d5....@newsguy.com
