ExtremeSwitching (EXOS)

  • 1.  ssl downgrade by default?

    Posted 06-20-2016 20:11
    Hey guys,

    When we ssh into a default install of exos, we're receiving what appears to be a downgrade to a weak cipher/key exchange protocol:

    Unable to negotiate with 10.xx.xx.xx port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

    Do you know when this might be fixed?


  • 2.  RE: ssl downgrade by default?

    Posted 06-20-2016 20:16
    What version of EXOS are you seeing this on? Also, what SSH client are you using?

    -Brandon


  • 3.  RE: ssl downgrade by default?

    Posted 06-20-2016 22:40
    Hey Brandon,

    We're seeing this on v15.7.14 and are just using the terminal ssh client on Fedora 23

    Thanks


  • 4.  RE: ssl downgrade by default?

    Posted 06-21-2016 01:58
    Ahh yes.. This is what I do

    ssh -oHostKeyAlgorithms=+ssh-dss -l USERNAME IPADDRESS

    Should be able to add this to your ~/.ssh/config

    HostkeyAlgorithms +ssh-dss

    That way you don't have to type in the -oHostKeyAlg...
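
An added example, not part of the thread and not Extreme's own tooling: a small shell helper that reads the OpenSSH client's "Unable to negotiate" line and prints a Host-scoped ssh_config stanza using the keyword that matches the failure reason, so the legacy algorithm is re-enabled for one switch only rather than for every host. The alias exos-sw1 is hypothetical, and the HostName comes out masked exactly as it appears in the first post.

```shell
#!/bin/sh
# Added example: map an OpenSSH "Unable to negotiate" error to a Host-scoped
# ssh_config stanza, so a legacy algorithm is allowed for one device only.

# legacy_ssh_stanza ALIAS "ERROR LINE"
# Prints a Host block on stdout; returns 1 if the line is not recognised.
legacy_ssh_stanza() {
    alias_name=$1
    err=$2

    # Address the client tried to reach: "Unable to negotiate with ADDR port N: ..."
    addr=$(printf '%s\n' "$err" |
        sed -n 's/^Unable to negotiate with \([^ ]*\) port [0-9]*: .*/\1/p')
    # Algorithm list the server offered: the token after "Their offer: "
    offer=$(printf '%s\n' "$err" | sed -n 's/.*Their offer: \([^ ]*\).*/\1/p')
    [ -n "$addr" ] && [ -n "$offer" ] || return 1

    # The failure reason decides which ssh_config keyword needs the offer.
    case $err in
        *"no matching key exchange method found"*) keyword=KexAlgorithms ;;
        *"no matching host key type found"*)       keyword=HostKeyAlgorithms ;;
        *"no matching cipher found"*)              keyword=Ciphers ;;
        *"no matching MAC found"*)                 keyword=MACs ;;
        *) return 1 ;;
    esac

    # "+" appends to the client's defaults instead of replacing them.
    printf 'Host %s\n    HostName %s\n    %s +%s\n' \
        "$alias_name" "$addr" "$keyword" "$offer"
}

# Constructed sample input: the error line from the first post, address masked as there.
SAMPLE_ERR='Unable to negotiate with 10.xx.xx.xx port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1'

# Hypothetical alias; append the output to ~/.ssh/config after filling in the real address.
legacy_ssh_stanza exos-sw1 "$SAMPLE_ERR"
```

If the next connection attempt fails with a different "no matching ..." reason, running the helper on that new line yields the additional keyword for the same Host block.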