cancel
Showing results for 
Search instead for 
Did you mean: 

ssl downgrade by default?

ssl downgrade by default?

shampoo
New Contributor
Hey guys,

When we ssh into a default install of exos, we're receving what appears to be a downgrade to a weak cipher/key exchange protocol:

Unable to negotiate with 10.xx.xx.xx port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Do you know when this might be fixed?
3 REPLIES 3

Jeremy_Gibbs
Contributor
Ahh yes.. This is what I do

ssh -oHostKeyAlgorithms=+ssh-dss -l USERNAME IPADDRESS

Should be able to add this to your ~/.ssh/config

HostkeyAlgorithms +ssh-dss

That way you don't have to type in the -oHostKeyAlg...

shampoo
New Contributor
Hey Brandon,

We're seeing this on v15.7.14 and are just using the terminal ssh client on Fedora 23

Thanks

BrandonC
Extreme Employee
What version of EXOS are you seeing this on? Also, what SSH client are you using?

-Brandon
GTM-P2G8KFN