Hi, all, minor problem/annoyance here:

root@noc:/etc/ssh # ssh admin@10.4.0.62
Unable to negotiate with 10.4.0.62 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,none
root@noc:/etc/ssh # uname -a
FreeBSD noc.pluspunkthosting.de 10.3-RELEASE FreeBSD 10.3-RELEASE #3: Wed Apr 13 14:46:57 CEST 2016 r...@noc.pluspunkthosting.de:/usr/obj/usr/src/sys/GENERIC amd64

Of course I was able to find http://www.openssh.com/legacy.html myself. FreeBSD 10.2 uses OpenSSH 6.6.x while 10.3 imported 7.2. So far so good.

The recommended method from the document above works on the command line:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@10.4.0.62

But if I add

KexAlgorithms +diffie-hellman-group1-sha1

to /etc/ssh/ssh_config, that does not change anything.

Oddly enough, checking which algorithms are supported gives the same result regardless of any configuration options:

root@noc:/etc/ssh # ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha...@libssh.org

So, diffie-hellman-group1-sha1 is supported but not used unless specified on the command line? And there is no way to override that *globally*?

This is an isolated management network with IPMI interfaces - we won't be getting updates for all of these machines' IPMI firmware ...

Am I stuck with writing shell aliases or putting the config in each and every user's private ~/.ssh/config?

Thanks for any hints,
Patrick
-- 
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
i...@punkt.de http://www.punkt.de
Gf: Jürgen Egeling AG Mannheim 108285
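
Added example, not part of the original post: `ssh -Q kex` lists every key exchange the binary supports regardless of configuration, while `ssh -G` (OpenSSH 6.8 and later) prints the configuration that would actually apply to a given host without connecting. The sketch below uses a constructed temporary config with a `Host 10.4.0.*` block (an assumption based on the address in the post) so the legacy algorithm stays limited to the management subnet, and checks the effective result for two hosts; the function names and the second address 192.0.2.10 are hypothetical.

```shell
#!/bin/sh
# Added example. The Host pattern 10.4.0.* and the temp config are assumptions
# built from the address in the post; 192.0.2.10 is a constructed "other" host.

# Print the KexAlgorithms that ssh would actually offer to host $2 under
# config file $1. ssh -G resolves the configuration and prints it, no connect.
effective_kex() {
    ssh -F "$1" -G "$2" 2>/dev/null | awk '$1 == "kexalgorithms" { print $2 }'
}

# Return 0 if the legacy group1 key exchange is enabled for host $2.
legacy_kex_enabled() {
    effective_kex "$1" "$2" | tr ',' '\n' | grep -qx 'diffie-hellman-group1-sha1'
}

# Write a constructed client config that re-enables group1 only for the
# management subnet, leaving the defaults for every other destination.
write_scoped_config() {
    cat > "$1" <<'EOF'
Host 10.4.0.*
    KexAlgorithms +diffie-hellman-group1-sha1
EOF
}

# Compare the effective setting for a management host and an unrelated host.
demo() {
    cfg=$(mktemp) || return 1
    write_scoped_config "$cfg"
    for host in 10.4.0.62 192.0.2.10; do
        if legacy_kex_enabled "$cfg" "$host"; then
            echo "$host: diffie-hellman-group1-sha1 ENABLED"
        else
            echo "$host: diffie-hellman-group1-sha1 not offered"
        fi
    done
    rm -f "$cfg"
}

# Run the demo only when an ssh client is installed.
if command -v ssh >/dev/null 2>&1; then demo; fi
```

Running the same `effective_kex` check against the real /etc/ssh/ssh_config shows whether a line added there is being picked up for a particular host.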