ssl downgrade by default?

  • Problem
  • Updated 2 years ago
  • Solved
Hey guys,

When we ssh into a default install of EXOS, we're receiving what appears to be a downgrade to a weak cipher/key exchange protocol:

Unable to negotiate with 10.xx.xx.xx port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Do you know when this might be fixed?

shampoo


Posted 2 years ago


Brandon Clay, Escalation Support Engineer

What version of EXOS are you seeing this on? Also, what SSH client are you using?

-Brandon

shampoo

Hey Brandon,

We're seeing this on v15.7.14 and are just using the terminal ssh client on Fedora 23

Thanks

Jeremy, Embassador

Ahh yes.. This is what I do

ssh -oHostKeyAlgorithms=+ssh-dss -l USERNAME IPADDRESS

Should be able to add this to your ~/.ssh/config

HostKeyAlgorithms +ssh-dss

That way you don't have to type in the -oHostKeyAlg...
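
Added example, not part of any post in this thread: a shell helper that reads an OpenSSH "Unable to negotiate" line such as the one in the original post and prints a ~/.ssh/config block that re-enables the offered algorithm for that one host only. The function name legacy_ssh_block is hypothetical, and the masked address is carried through as posted and stands for the switch's real address.

```shell
#!/bin/sh
# Added example: map an OpenSSH negotiation failure to the ssh_config
# keyword that controls it, scoped to the single host that needs it.
# legacy_ssh_block is a hypothetical helper name.

legacy_ssh_block() {
    # $1 = the full error line printed by the ssh client
    err=$1

    # Pull out the peer address and the algorithm list the server offered.
    host=$(printf '%s\n' "$err" |
        sed -n 's/^Unable to negotiate with \([^ ]*\) port [0-9]*: .*/\1/p')
    offer=$(printf '%s\n' "$err" |
        sed -n 's/.*Their offer: *\([^ ]*\).*/\1/p')
    [ -n "$host" ] && [ -n "$offer" ] || return 1

    # Each failure reason corresponds to one ssh_config keyword.
    case $err in
        *"no matching key exchange method found"*) key=KexAlgorithms ;;
        *"no matching host key type found"*)       key=HostKeyAlgorithms ;;
        *"no matching cipher found"*)              key=Ciphers ;;
        *"no matching MAC found"*)                 key=MACs ;;
        *) return 1 ;;
    esac

    # "+" appends to the client's default list instead of replacing it;
    # the Host line keeps the legacy algorithm away from every other server.
    printf 'Host %s\n    %s +%s\n' "$host" "$key" "$offer"
}

# The error line from the original post (address masked as posted).
legacy_ssh_block 'Unable to negotiate with 10.xx.xx.xx port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1'
```

The printed block goes into ~/.ssh/config; a setting placed there without a Host line applies to every server the client connects to.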