From: Philip Webb
To: gentoo-user@lists.gentoo.org
Date: Mon, 11 Mar 2019 01:41:19 -0400
Subject: Re: [gentoo-user] Ssh problem : half-solved
Message-ID: <20190311054119.GA1934@ca.inter.net>

190310 Nils Freydank wrote:
> On Sunday, 10 March 2019, 08:25:54 CET, Philip Webb wrote:
>> I updated Ssh yesterday :
>> [...]
>> ssh x.y.z
>> Unable to negotiate with 128.100.160.1 port 22: no matching key
>> exchange method found. Their offer:
>> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> ssh tells you straight forward what the issue is:
> Within the key exchange at the begin of the communication
> there was no way to establish a connection between server and client,
> probably because the client has a more secure setup than the server.
> This happens mostly due to old ssh versions serverside.

Yes, they mb a bit slow to upgrade.

> You can find solutions pretty fast
> by just searching for "Their offer: ",
> e.g. https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0

That forum contains a solution :

  ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 123.123.123.123

That gets me thro' & I can do my work there.

> Enable legacy and possible less secure key exchange formats and ciphers
> only per server and not globally
> and if possible upgrade the SSH server version.

However, I've tried to insert an instruction in config files,
but nothing changes after a reboot.
I've tried adding to ~/.ssh/config & /etc/ssh/ssh_config :

  Host 128.100.160.1
      KexAlgorithms +diffie-hellman-group1-sha1

That is what seems to be required by 'man 5 ssh_config'.
Can anyone suggest what + where to tell Ssh to do it every time ?

>> 'x.y.z' disguises the site's URL, which doesn't seem to be a problem.
> That is indeed perfectly fine;
> you might want to hide the IP address in the future as well ;-)

Indeed (red face) : it was at the end of my day.
No point in trying to hide it now (wry smile).

-- 
========================,,============================================
SUPPORT     ___________//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT    `-O----------O---'   purslowatchassdotutorontodotca
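
Added example, not part of the message above: a simplified Python model of how ssh_config(5) chooses a Host stanza, showing that a stanza keyed on the IP address is not applied when ssh is run with the hostname. The function names are hypothetical, the configs are constructed from the thread's values, and the model covers plain Host stanzas only (no Match, Include or CanonicalizeHostname).

```python
import re

def _matches(pattern, host):
    # ssh_config patterns: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host.lower()) is not None

def host_block_applies(patterns, host):
    # A stanza applies if some positive pattern matches and no '!pattern' does.
    positive = False
    for p in patterns:
        if p.startswith("!"):
            if _matches(p[1:], host):
                return False
        elif _matches(p, host):
            positive = True
    return positive

def effective_option(config_text, typed_host, option):
    """Value used for `option` when ssh is run as `ssh typed_host`, or None.

    Patterns are compared with the name typed on the command line, not with
    the address it resolves to; the first value obtained wins.
    """
    applies = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "host":
            applies = host_block_applies(args, typed_host)
        elif applies and keyword == option.lower():
            return " ".join(args)
    return None  # not set here: ssh falls back to its built-in default

# Constructed sample configs; x.y.z is the placeholder hostname from the thread.
BY_IP_ONLY = """\
Host 128.100.160.1
    KexAlgorithms +diffie-hellman-group1-sha1
"""
BY_NAME_AND_IP = """\
Host x.y.z 128.100.160.1
    KexAlgorithms +diffie-hellman-group1-sha1
"""

if __name__ == "__main__":
    for label, cfg in (("ip only", BY_IP_ONLY), ("name and ip", BY_NAME_AND_IP)):
        for typed in ("x.y.z", "128.100.160.1"):
            print(label, typed, effective_option(cfg, typed, "KexAlgorithms"))
```

On a real system, `ssh -G x.y.z` prints the options ssh would actually apply for that name, which is the direct way to check whether a stanza took effect; no reboot is involved, since ssh reads its config on every invocation.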