Re: OpenSSH changes between 10.2 and 10.3 ...

Thu, 14 Apr 2016 03:12:04 -0700 

host *
        KexAlgorithms diffie-hellman-group1-sha1

in ~/.ssh/config works for me.

Daniel 

> On 14.04.2016 г., at 12:44, Patrick M. Hausen <hau...@punkt.de> wrote:
> 
> Hi, all,
> 
> minor problem/annoyance here:
> 
> root@noc:/etc/ssh # ssh admin@10.4.0.62
> Unable to negotiate with 10.4.0.62 port 22: no matching key exchange method 
> found. Their offer: diffie-hellman-group1-sha1,none
> root@noc:/etc/ssh # uname -a
> FreeBSD noc.pluspunkthosting.de 10.3-RELEASE FreeBSD 10.3-RELEASE #3: Wed Apr 
> 13 14:46:57 CEST 2016     
> r...@noc.pluspunkthosting.de:/usr/obj/usr/src/sys/GENERIC  amd64
> 
> Of course I was able to find http://www.openssh.com/legacy.html myself.
> 
> FreeBSD 10.2 uses OpenSSH 6.6.x while 10.3 imported 7.2.
> So far so good.
> 
> The recommended method from the document above works on the
> command line:
> 
>       ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@10.4.0.62
> 
> But if I add
> 
>       KexAlgorithms +diffie-hellman-group1-sha1
> 
> to /etc/ssh/ssh_config, that does not change anything. Oddly enough,
> checking which algorithms are supported gives the same result
> regardless of any configuration options:
> 
> root@noc:/etc/ssh # ssh -Q kex
> diffie-hellman-group1-sha1
> diffie-hellman-group14-sha1
> diffie-hellman-group-exchange-sha1
> diffie-hellman-group-exchange-sha256
> ecdh-sha2-nistp256
> ecdh-sha2-nistp384
> ecdh-sha2-nistp521
> curve25519-sha...@libssh.org
> 
> So, diffie-hellman-group1-sha1 is supported but not used unless
> specified on the command line? And there is no way to override that
> *globally*? This is an isolated management network with IPMI
> interfaces - we won't be getting updates for all of these machines'
> IPMI firmware ...
> 
> Am I stuck with writing shell aliases or putting the config in each and
> every user's private ~/.ssh/config?
> 
> Thanks for any hints,
> Patrick
> -- 
> punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
> Tel. 0721 9109 0 * Fax 0721 9109 100
> i...@punkt.de       http://www.punkt.de
> Gf: Jürgen Egeling      AG Mannheim 108285
> 
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Reply via email to