ssl downgrade by default?


Hey guys,

When we ssh into a default install of exos, we're receving what appears to be a downgrade to a weak cipher/key exchange protocol:

Unable to negotiate with 10.xx.xx.xx port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Do you know when this might be fixed?

3 replies

Userlevel 7
What version of EXOS are you seeing this on? Also, what SSH client are you using?

-Brandon
Hey Brandon,

We're seeing this on v15.7.14 and are just using the terminal ssh client on Fedora 23

Thanks
Ahh yes.. This is what I do

ssh -oHostKeyAlgorithms=+ssh-dss -l USERNAME IPADDRESS

Should be able to add this to your ~/.ssh/config

HostkeyAlgorithms +ssh-dss

That way you don't have to type in the -oHostKeyAlg...

Reply