Re: [EXTERNAL] SSHD, diffie-hellman-group1-sha1 , and FreeBSD 13-stable
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 31 Jan 2022 03:15:27 UTC
On 30 Jan 2022, at 21:29, Gary Palmer wrote: > On Sun, Jan 30, 2022 at 09:13:16PM -0500, Garance A Drosehn wrote: >> In my older build of this server, I handled this need by adding >> the line: >> KexAlgorithms +diffie-hellman-group1-sha1 >> in /etc/ssh/sshd_config, and that worked fine. >> >> In the newer system that config line flags an error: >> >> -# /usr/sbin/sshd -f /etc/ssh/sshd_config4 -t >> /etc/ssh/sshd_config4: line 156: Bad configuration option: >> KexAlgorithm > > There is a 1 character difference between the option named above and > > <trim> > >> -# ssh -4e none -oKexAlgorithms=+diffie-hellman-group1-sha1 \ >> -oCiphers=aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc >> \ >> me@sad.ancient.server.rpi.edu > > the one used here. That is why one works and one doesn't > > Regards, > > Gary UGH. Unbelievable! It even occurred to me I might have a typo while I was writing my email, but I triple-checked only the 'diffie-hellman-group1-sha1' part, and not the 'KexAlgorithms' part. I'm now going to bang my head on my desk for a few minutes. But this will save me quite a bit of work, so Thanks Muchly! -- Garance Alistair Drosehn = drosih@rpi.edu Lead Developer @rpi and gad@FreeBSD.org Rensselaer Polytechnic Institute; Troy, NY; USA