ssl downgrade by default?

Hey guys,

When we ssh into a default install of exos, we're receiving what appears to be a downgrade to a weak cipher/key exchange protocol:

Unable to negotiate with 10.xx.xx.xx port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Do you know when this might be fixed?

3 replies

What version of EXOS are you seeing this on? Also, what SSH client are you using?

Hey Brandon,

We're seeing this on v15.7.14 and are just using the terminal ssh client on Fedora 23

Ahh yes.. This is what I do

ssh -oHostKeyAlgorithms=+ssh-dss -l USERNAME IPADDRESS

Should be able to add this to your ~/.ssh/config

HostkeyAlgorithms +ssh-dss

That way you don't have to type in the -oHostKeyAlg...
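
Added example, not part of the thread: a small Python helper that reads OpenSSH "Unable to negotiate" errors like the one quoted in the question and builds an ssh config block scoped to that one host, so a legacy algorithm is enabled only for the switch and not for every connection. The function names and the second sample line are assumptions made for illustration.

```python
import re

# Category named in OpenSSH's "no matching ... found" message -> the
# ssh_config option that governs that part of the negotiation.
OPTION_FOR = {
    "key exchange method": "KexAlgorithms",
    "host key type": "HostKeyAlgorithms",
    "cipher": "Ciphers",
    "MAC": "MACs",
}

ERROR_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port \d+: "
    r"no matching (?P<what>.+?) found\. Their offer: (?P<offer>\S+)"
)

def parse_error(line):
    """Return (host, option, [algorithms]) or None if the line is not such an error."""
    m = ERROR_RE.search(line)
    if not m or m.group("what") not in OPTION_FOR:
        return None
    return m.group("host"), OPTION_FOR[m.group("what")], m.group("offer").split(",")

def host_stanzas(lines):
    """Build per-host ssh_config blocks so legacy algorithms are not enabled globally."""
    per_host = {}
    for line in lines:
        parsed = parse_error(line)
        if parsed:
            host, option, algos = parsed
            wanted = per_host.setdefault(host, {}).setdefault(option, [])
            wanted.extend(a for a in algos if a not in wanted)
    blocks = []
    for host, options in per_host.items():
        block = [f"Host {host}"]
        # "+" appends to the client's defaults instead of replacing them.
        block += [f"    {opt} +{','.join(algos)}" for opt, algos in options.items()]
        blocks.append("\n".join(block))
    return "\n\n".join(blocks)

# First line is the error quoted in the thread (address masked as posted);
# the second is constructed for illustration.
SAMPLE = [
    "Unable to negotiate with 10.xx.xx.xx port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1",
    "Unable to negotiate with 10.xx.xx.xx port 22: no matching host key type found. Their offer: ssh-dss",
]

if __name__ == "__main__":
    print(host_stanzas(SAMPLE))
```

Trim each generated list to a single algorithm where possible. The client build must still include that algorithm, which `ssh -Q kex` and `ssh -Q key` report.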