From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id AE6C5138334 for ; Mon, 11 Mar 2019 09:09:04 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B0492E0D7E; Mon, 11 Mar 2019 09:08:57 +0000 (UTC) Received: from smarthost01c.mail.zen.net.uk (smarthost01c.mail.zen.net.uk [212.23.1.5]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 37B21E0C0B for ; Mon, 11 Mar 2019 09:08:57 +0000 (UTC) Received: from [82.69.83.178] (helo=mail.digimed.co.uk) by smarthost01c.mail.zen.net.uk with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1h3GvX-0003or-Iu for gentoo-user@lists.gentoo.org; Mon, 11 Mar 2019 09:08:55 +0000 Received: from digimed.co.uk (fenchurch.digimed.co.uk [192.168.1.6]) by mail.digimed.co.uk (Postfix) with ESMTPA id 062E665D3B for ; Mon, 11 Mar 2019 09:08:55 +0000 (GMT) Date: Mon, 11 Mar 2019 09:08:50 +0000 From: Neil Bothwick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Ssh problem : half-solved Message-ID: <20190311090850.32700140@digimed.co.uk> In-Reply-To: <5754419.A2fIWcm9iI@dell_xps> References: <20190310072554.GD1945@ca.inter.net> <20190311054119.GA1934@ca.inter.net> <20190311083133.5085f17e@digimed.co.uk> <5754419.A2fIWcm9iI@dell_xps> Organization: Digital Media Production X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) X-GPG-Fingerprint: 7260 0F33 97EC 2F1E 7667 FE37 BA6E 1A97 4375 1903 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/mdxsrVKhYRLVVeu+RbIAVAl"; protocol="application/pgp-signature" X-Originating-smarthost01c-IP: [82.69.83.178] Feedback-ID: 82.69.83.178 X-Archives-Salt: cc711187-a3f9-4d57-8785-6758b4a9412a X-Archives-Hash: 1c93907a942405e97e0f14da4b284e07 --Sig_/mdxsrVKhYRLVVeu+RbIAVAl Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Mon, 11 Mar 2019 08:43:52 +0000, Mick wrote: > > Try without the +, that works for me here. I have an appliance that > > uses outdated algorithms and this config works for me > >=20 > > Host 1.2.3.4 > > Ciphers 3des-cbc > > KexAlgorithms diffie-hellman-group1-sha1 > > HostKeyAlgorithms ssh-dss =20 >=20 > As I understand it the "+" merely adds one more cipher to the > collection. This is probably safer. If the server has been updated and > non-legacy key exchange algorithms are now available they can be used. > Without "+" the directive for the client is exclusive: only use this > algorithm and nothing else. That's how I read it, but it says it appends to the list, so this is the last option tried, while an earlier one could possibly be triggering the failure. With + would be better, but it would be worth trying without. --=20 Neil Bothwick "" " """ " "" " """ <-- random quotes --Sig_/mdxsrVKhYRLVVeu+RbIAVAl Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEGfLZTV7dXdQXh/dDdCdyyQfftocFAlyGJaIACgkQdCdyyQff tocEvhAAhl4VR+TckVILqIroKUyG3vBcL3080dhaNeum360tYPCby2BlQ+smGUm/ ph5l0IJiJLZBoIjAcfTn6/RDDrJW3wBY1IZTw/0BnGau67S3aij44r4IsGhJVKtO C7IGSNlg7W/TF5rjwUD/GKQ0Z+cA+gRMLfgVndY2KgbXuERiTKS0eOUV7l5j+5Gh B3Tku3BgAP3WCOG91aCp+CsKNcYd+xM9W2DCwLcFuau7aRhChRKx/TVsCs5na59n LsdKolHqx/5NimAYsoPL4dlZlsvqWPzNXqJAj5TsaHA+BIlHBXUeoxotwg7ZvnmK uq1ud8IawMs0HLOAm4lxx+272cJvmJF9l632ALCCdD6bBZDJtLKDL1qKfEpiHPg6 DRNZKHaG0T2nAJQnnsVjGAygGoANaRnFQ4I+NI/vV/7+c/Tll1+TKhz90JV7bJj6 IJW0R+NKgWv1lMFnyDN9GJh1NS3ulZphnx4oV+qCeTWPTTV4QJU+KeAVxuYngGff tdOxqnmwj+NJvY4nS4wKhbtZKUwJet1tWzdGEWjrMP4OrqxlaZDgBywOpF3lkhoX SwwWbYoGDhathzJ727pCX2X9KkBy79nFMd0mhvRBsVHc8uCg+tpTnb7FuQFAvt3T uyHP35bN9youzg2yp9k9awzTmbPwyO6fbUkCVs3oFPmgBetrxlc= =MiQj -----END PGP SIGNATURE----- --Sig_/mdxsrVKhYRLVVeu+RbIAVAl--