Header Only - DO NOT REMOVE - Extreme Networks

With new OpenSSH Client 7.1: No "normal" SSH Login to EXOS possible


Userlevel 3
Hello,

with the current OpenSSH Client 7.1 (released August 21, 2015) it is not possible any longer to login "directly" to an EXOS switch.

~ $ ssh admin@X
Unable to negotiate with X: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1[/code]
According to http://www.openssh.com/legacy.html the workaround is:

~ $ ssh admin@X -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss
[..]
Enter password for admin:
ExtremeXOS
Copyright (C) 1996-2015 Extreme Networks. All rights reserved.
This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
==============================================================================
Press the or '?' key at any time for completions.
Remember to save your configuration changes.
Slot-1 Y #[/code]

Are there any plans or already ways, that EXOS's SSH Implementation doesn't use weak/legacy algorithms?

Cheers
Jan

P.S.: Tested with EXOS up to:

# sh version
Switch : 800551-00-05 1523N-44609 Rev 5.0 BootROM: 1.0.2.1 IMG: 16.1.1.4
X460-G2-VIM-2X-B-1: 800556-00-03 1502N-42815 Rev 3.0
PSU-1 : Internal PSU-1 800592-00-07 1519A-45753
PSU-2 : Internal PSU-2 800592-00-07 1519A-45758
Image : ExtremeXOS version 16.1.1.4 by release-manager
on Fri Jun 12 17:47:56 EDT 2015
BootROM : 1.0.2.1
Diagnostics : 3.1[/code]

7 replies

Userlevel 7
This sounds like something we'll need to look into. I'll do some checking internally, and I suspect someone may be able to come back with more information before I can.

Can I ask what OS you're using?
Userlevel 7
Hi,

yes, there're plans to upgrade the SSH Server in future release. It doesn't seem we can have stronger key exchange methods in our current implementation.
Are there any updates on this topic?
Userlevel 7
21.1 has the SSH server upgrade, 16.2 should have it when it's released, afaik.
Userlevel 3
Grosjean, Stephane wrote:

21.1 has the SSH server upgrade, 16.2 should have it when it's released, afaik.

What about EXOS 15.6.X 15.7.X ? Or 15.3.[4-5].X ?

--
Jarek
Userlevel 7
Grosjean, Stephane wrote:

21.1 has the SSH server upgrade, 16.2 should have it when it's released, afaik.

I'm not aware of any plan for it. You should reach out to your Extreme representative for such a request.
Ok, thanks for the info!

Reply