For cases where a SUSE ssh/sftp client is connecting to a 3rd party SSH server, updates and configuration options have been added which allow a return to the previous behavior.įor SLES 12 or SLES 12 SP1, update to openssh 6.6p1-42 or higher. In some cases, the ideal solution may be to change the 3rd party side.ġ. But then it tries to negotiate a key exchange with the server using instead of diffie-hellman-group-exchange-sha256, which of course fails.It is recommend to read the "Cause" section of this document before deciding on a course of action. What I find puzzling about this is that SSH is clearly reading the relevant line in /etc/ssh/ssh_config and seems to be happy with it. Unable to negotiate a key exchange method Here is the relevant output: $ ssh -vvv Reading configuration data /etc/ssh/ssh_configĭebug1: /etc/ssh/ssh_config line 19: Applying options for *ĭebug3: kex names ok: /etc/ssh/ssh_config line 72: Applying options for 10.0.0.1ĭebug3: kex names ok: ĭebug1: Connecting to 10.0.0.1 port 22.ĭebug2: kex_parse_kexinit: kex_parse_kexinit: first_kex_follows 0ĭebug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256ĭebug2: kex_parse_kexinit: first_kex_follows 0ĭebug1: kex: server->client aes256-ctr hmac-ripemd160 noneĭebug1: kex: client->server aes256-ctr hmac-ripemd160 none KexAlgorithms diffie-hellman-group-exchange-sha256 This works fine at the command line: $ ssh -o KexAlgorithms=diffie-hellman-group-exchange-sha256 it fails if I attempt to rely on the following addition at the end of /etc/ssh/ssh_config: Host 10.0.0.1 However, I need to access a server on 10.0.0.1 that requires the use of that algorithm. By default, my SSH client disallows the use of the diffie-hellman-group-exchange-sha256 key exchange algorithm.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |