"G. Branden Robinson" <g.branden.robin...@gmail.com> writes:
> Unable to negotiate with 213.178.77.185 port 22: no matching
> key
> exchange method found. Their offer:
>
gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
i believe the relevant ssh option is 'KexAlgorithms', e.g.:
ssh -o KexAlgorithms=diffie-hellman-group1-sha1
Thanks! That did the trick. I couldn't get the gss-* one to
work; it
seems that the 'ssh' command doesn't believe it to be lexically
valid.
i was intrigued by that one, and did some research. The
gss-group1-sha1-* algorithms were deprecated via a "SHOULD NOT" in
RFC8732, published in February 2020, due to having "small key
lengths and are no longer strong in the face of brute-force
attacks":
https://www.rfc-editor.org/rfc/rfc8732#name-deprecated-algorithms
Alexis.
