190310 Nils Freydank wrote:
> On Sunday, 10 March 2019, 08:25:54 CET, Philip Webb wrote:
>> I updated Ssh yesterday :
>> [...]
>>   ssh x.y.z
>>   Unable to negotiate with 128.100.160.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> ssh tells you straightforward what the issue is:
> Within the key exchange at the beginning of the communication
> there was no way to establish a connection between server and client,
> probably because the client has a more secure setup than the server.
> This happens mostly due to old ssh versions serverside.

Yes, they mb a bit slow to upgrade.

> You can find solutions pretty fast
> by just searching for "Their offer: <key exchange offers>",
> e.g. https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0

That forum contains a solution :

  ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 123.123.123.123

That gets me thro' & I can do my work there.

> Enable legacy and possibly less secure key exchange formats and ciphers
> only per server and not globally
> and if possible upgrade the SSH server version.

However, I've tried to insert an instruction in config files,
but nothing changes after a reboot.
I've tried adding to  ~/.ssh/config  &  /etc/ssh/ssh_config :

  Host 128.100.160.1
    KexAlgorithms +diffie-hellman-group1-sha1

That is what seems to be required by 'man 5 ssh_config'.

Can anyone suggest what + where to tell Ssh to do it every time ?

>> 'x.y.z' disguises the site's URL, which doesn't seem to be a problem.
> That is indeed perfectly fine;
> you might want to hide the IP address in the future as well ;-)

Indeed (red face) : it was at the end of my day.
No point in trying to hide it now (wry smile).

-- 
========================,,============================================
SUPPORT     ___________//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT    `-O----------O---'   purslowatchassdotutorontodotca
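
A way to check which `KexAlgorithms` value ssh resolves for a destination, added here as an example and not part of the original message: `ssh -G` prints the effective client configuration without connecting, and ssh_config(5) matches `Host` patterns against the host name as given on the command line. The function names and the temporary config file are assumptions for illustration; `x.y.z` is the placeholder name used in the message.

```shell
#!/bin/sh
# Added example: report whether a legacy key exchange method is in effect
# for a destination, reading only the config file passed with -F so the
# result does not depend on ~/.ssh/config or /etc/ssh/ssh_config.

# effective_kex CONFIG DEST -> prints the comma-separated KexAlgorithms list
# ssh would offer for DEST. -G evaluates Host/Match blocks and then exits.
effective_kex() {
    ssh -F "$1" -G "$2" 2>/dev/null | awk '$1 == "kexalgorithms" { print $2 }'
}

# kex_enabled CONFIG DEST ALGO -> exit status 0 if ALGO is in that list.
kex_enabled() {
    effective_kex "$1" "$2" | tr ',' '\n' | grep -qx -- "$3"
}

# write_sample_config FILE -> constructed config in the shape used in the
# message: a single stanza keyed on the IP address.
write_sample_config() {
    cat > "$1" <<'EOF'
Host 128.100.160.1
    KexAlgorithms +diffie-hellman-group1-sha1
EOF
}

# report CONFIG DEST... -> one line per destination.
report() {
    cfg=$1; shift
    for dest in "$@"; do
        if kex_enabled "$cfg" "$dest" diffie-hellman-group1-sha1; then
            echo "$dest: group1-sha1 enabled"
        else
            echo "$dest: group1-sha1 not enabled"
        fi
    done
}

if command -v ssh >/dev/null 2>&1; then
    tmp=$(mktemp)
    write_sample_config "$tmp"
    # The stanza applies to the IP as typed, not to a host name typed instead.
    report "$tmp" 128.100.160.1 x.y.z
    rm -f "$tmp"
fi
```

Against the real configuration, `ssh -G <name> | grep -i kexalgorithms` gives the same answer for the name exactly as it is typed on the command line.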

