From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 39574138334 for ; Sun, 10 Mar 2019 10:31:54 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3A6E4E0AB2; Sun, 10 Mar 2019 10:31:44 +0000 (UTC) Received: from mout01.posteo.de (mout01.posteo.de [185.67.36.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 9BD73E0A8F for ; Sun, 10 Mar 2019 10:31:42 +0000 (UTC) Received: from submission (posteo.de [89.146.220.130]) by mout01.posteo.de (Postfix) with ESMTPS id EC246160071 for ; Sun, 10 Mar 2019 11:31:39 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1552213900; bh=xLmZWYd8+ttkJeL3PWOpRbmXjW/ssuyw0Lg9PsqNXrY=; h=From:To:Subject:Date:From; b=o7LxENdqNNcOT21XYSMbsdYn/+ab5vSRLbncPxnduEpxfTqAMOgljqp9Xseryh7Au UzXr1rG0dSCc2+05vwhBwW3/Fd9vy22k1vhxIxWVzp14AyAI/ifOKyIvBF2NWWCC1i rU5JBMJDDkat7M27bgNqNLT8jdxGgNqkdR4S8g5t2KqkACVNpaI8E8KrwBtqUSteck HA6w+Js/x+Ev1j9syYO2AO26EChmDHToqdLNStliHGgAsVeLq7YgqvMGjWEYg2SVJj jehEnHRCnNsFmB+luFBn9rMxIzq0yybTCLXQyTxGw9VPLCkqu305ThE3XqOrQXXxeN SYRxJISzAYMfQ== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 44HHZn5h9qz6tm9 for ; Sun, 10 Mar 2019 11:31:13 +0100 (CET) From: Nils Freydank To: Gentoo User Subject: Re: [gentoo-user] Ssh problem Date: Sun, 10 Mar 2019 11:31:03 +0100 Message-ID: <10172104.eGJ9VJlZd9@pygoscelis> In-Reply-To: <20190310072554.GD1945@ca.inter.net> References: <20190310072554.GD1945@ca.inter.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1759297.XuWvaXS3Ba"; micalg="pgp-sha512"; protocol="application/pgp-signature" X-Archives-Salt: 58e1ed80-2f8f-47b7-9b35-fb1ddfd22828 X-Archives-Hash: 58daa7f3798e51b1f0777fc2542baf42 --nextPart1759297.XuWvaXS3Ba Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" Hi Philip, Am Sonntag, 10. M=C3=A4rz 2019, 08:25:54 CET schrieb Philip Webb: > I updated Ssh yesterday : > [...] > ssh x.y.z > Unable to negotiate with 128.100.160.1 port 22: no matching key > exchange method found. Their offer: > diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 ssh tells you straight forward what the issue is: Within the key exchange at the begin of the communication there was no way to establish a=20 connection between the server and the client, probably because the client=20 has a more secure setup than the server. This happens mostly due to old ssh= =20 versions serverside. You can find solutions pretty fast by just searching for "Their offer: ", e.g. https://unix.stackexchange.com/questions/340844/ how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0 (Please enable legacy and possible less secure key exchange formats and=20 ciphers only per server and not globally - and if possible upgrade the SSH= =20 server version.) > 'x.y.z' disguises the site's URL, which doesn't seem to be a problem. That is indeed perfectly fine; you might want to hide the IP address in the= =20 future aswell ;-) Greetings, Nils =2D-=20 GPG fingerprint: '00EF D31F 1B60 D5DB ADB8 31C1 C0EC E696 0E54 475B' Nils Freydank --nextPart1759297.XuWvaXS3Ba Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEEcg3s4uUa4XE72XWQvF3CmYqtKyEFAlyE52dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcy MERFQ0UyRTUxQUUxNzEzQkQ5NzU5MEJDNURDMjk5OEFBRDJCMjEACgkQvF3CmYqt KyGN7w/+OVizZpzC/kyHHA+QuyqweCybOnKlv9Q8QIcy4hC9a+KLKc/eEs47mpZV YBEU68/MFrGIs9gTrrcQOsS6OPnO+TKVYpuZVE5Zpj9uQavDp1ebFqoP1FIC9NrW +m78S6oDa/EikEZsNzHRMeyBwOTTa0EOR4/8BA8F0Rq9AdNqWBEXYv9SohkZ1b3Z aMLwjawmMJOzL5UR6ZzQnWZE5DKJQcFrl/x+JqWvl4NuwgfpAcfaKTTdUoLXr0VV Y7zScEK9ZttyY+IiCOKoQLe89Fbju1UNOlCDPbTXdoGxqCzxD6PLgHqzcdU9MQ2u Orfm0x9ldEG28mJ5iHnkDeHkJNevB7qBs/KrO4mU3LjZfNTkeR+UhuP3jDjK99ze OVHzHUaUYpP0k0bHpkBp1PB1/j3w5NBlZHC4T0HHEbf0JK/q0nKfXMglkl0zGsXv nJF3+pL92+PhCq478UXltNeMHqBEWqJfRJyHJ0t4cCOIF/QejIQ3qTjxvntB/zNW yyi1h9dSzuwm0rpEhZ66Rw/y3jnpRJVZ6kSFPCVGLUdPS9MjsIARwCYAni4hdhjb LwGXXC04ty2W8JtFn/hSd+WRkvmzeMfXzLu1pYPtl3v+dsgbpHW5n5SOAYRlowph kc1yWm1WVjg1o/sr6s93QpYaUIhWVtkJNyvtbKdfq0q5M0NC+gg= =XrZt -----END PGP SIGNATURE----- --nextPart1759297.XuWvaXS3Ba--