With new OpenSSH Client 7.1: No "normal" SSH Login to EXOS possible
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-02-2015 10:49 AM
Hello,
with the current OpenSSH Client 7.1 (released August 21, 2015) it is not possible any longer to login "directly" to an EXOS switch.
~ $ ssh admin@X
Unable to negotiate with X: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
According to http://www.openssh.com/legacy.html the workaround is:
~ $ ssh admin@X -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss
[..]
Enter password for admin:
ExtremeXOS
Copyright (C) 1996-2015 Extreme Networks. All rights reserved.
This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
==============================================================================
Press the or '?' key at any time for completions.
Remember to save your configuration changes.
Slot-1 Y #
Are there any plans or already ways, that EXOS's SSH Implementation doesn't use weak/legacy algorithms?
Cheers
Jan
P.S.: Tested with EXOS up to:
# sh version
Switch : 800551-00-05 1523N-44609 Rev 5.0 BootROM: 1.0.2.1 IMG: 16.1.1.4
X460-G2-VIM-2X-B-1: 800556-00-03 1502N-42815 Rev 3.0
PSU-1 : Internal PSU-1 800592-00-07 1519A-45753
PSU-2 : Internal PSU-2 800592-00-07 1519A-45758
Image : ExtremeXOS version 16.1.1.4 by release-manager
on Fri Jun 12 17:47:56 EDT 2015
BootROM : 1.0.2.1
Diagnostics : 3.1
with the current OpenSSH Client 7.1 (released August 21, 2015) it is not possible any longer to login "directly" to an EXOS switch.
~ $ ssh admin@X
Unable to negotiate with X: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
According to http://www.openssh.com/legacy.html the workaround is:
~ $ ssh admin@X -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss
[..]
Enter password for admin:
ExtremeXOS
Copyright (C) 1996-2015 Extreme Networks. All rights reserved.
This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
==============================================================================
Press the
Remember to save your configuration changes.
Slot-1 Y #
Are there any plans or already ways, that EXOS's SSH Implementation doesn't use weak/legacy algorithms?
Cheers
Jan
P.S.: Tested with EXOS up to:
# sh version
Switch : 800551-00-05 1523N-44609 Rev 5.0 BootROM: 1.0.2.1 IMG: 16.1.1.4
X460-G2-VIM-2X-B-1: 800556-00-03 1502N-42815 Rev 3.0
PSU-1 : Internal PSU-1 800592-00-07 1519A-45753
PSU-2 : Internal PSU-2 800592-00-07 1519A-45758
Image : ExtremeXOS version 16.1.1.4 by release-manager
on Fri Jun 12 17:47:56 EDT 2015
BootROM : 1.0.2.1
Diagnostics : 3.1
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-31-2016 03:12 PM
Ok, thanks for the info!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-31-2016 02:00 PM
21.1 has the SSH server upgrade, 16.2 should have it when it's released, afaik.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-31-2016 02:00 PM
I'm not aware of any plan for it. You should reach out to your Extreme representative for such a request.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-31-2016 02:00 PM
What about EXOS 15.6.X 15.7.X ? Or 15.3.[4-5].X ?
--
Jarek
--
Jarek
