unable to negotiate ssh to old Linux

Hello, I am trying to do ssh to an old Linux RedHat and I got this.


Code:
Unable to negotiate with 15.1.1.15 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

Any way to fix this permanently?
 
You can use ssh -o KexAlgorithms=diffie-hellman-group1-sha1 user@15.1.1.15 to connect, but first verify that your client system supports it using ssh -Q kex.
 
If you find something that works, make it permanent in ~/.ssh/config

This file was news to me. I assume you generate it and add the host like this:
15.1.1.15 aes128-cbc diffie-hellman-group1-sha1
<address> <cipher> <cipher_auth>

This is similar layout to /user/.ssh/known_hosts without the key.

My thought was /etc/ssh/ssh_config to enable the ciphers, but a single exception makes much more sense.
Big clue bat on the manpage too. #2 and #3
 
This file was news to me. I assume you generate it and add the host like this:
15.1.1.15 aes128-cbc diffie-hellman-group1-sha1
It's the same format as ssh_config(5):
Code:
host <hostname>
  <settings>
You typically want to match on both the hostname and the IP address (in case DNS is screwed up).

Code:
     ssh(1) obtains configuration data from the following sources in the
     following order:

           1.   command-line options
           2.   user's configuration file (~/.ssh/config)
           3.   system-wide configuration file (/etc/ssh/ssh_config)

I often use that ~/.ssh/config to create 'aliases':
Code:
Host jenkins
  HostName jenkins001.some.domain.tld
  User special_user
Now I can just do ssh jenkins without having to remember the username and complete hostname. Or set some timeout values, which is useful if there are firewalls in your path:
Code:
Host *
        ServerAliveInterval 10
        ServerAliveCountMax 2
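
Added example, not written by anyone in the thread: a POSIX shell script that ties the replies together by reading the "Their offer:" list from the error, keeping the first method the client also supports, and printing a ~/.ssh/config stanza that enables it for this one host only. The alias oldredhat, the function names and the shortened ssh -Q kex list are assumptions made for the example.

```shell
#!/bin/sh
# Added example: turn the "Unable to negotiate" error into a per-host
# ~/.ssh/config stanza that enables one legacy KEX method for that host only.

# peer_addr ERROR_LINE -> address ssh was talking to
peer_addr() {
    printf '%s\n' "$1" | sed -n 's/^Unable to negotiate with \([^ ]*\) port.*/\1/p'
}

# offered_kex ERROR_LINE -> the server's offer, one algorithm per line
offered_kex() {
    printf '%s\n' "$1" | sed -n 's/.*Their offer: *//p' | tr ',' '\n'
}

# pick_kex ERROR_LINE SUPPORTED -> first offered algorithm the client has.
# SUPPORTED is newline-separated, i.e. the output of: ssh -Q kex
pick_kex() {
    offered_kex "$1" | while IFS= read -r alg; do
        if printf '%s\n' "$2" | grep -qxF -- "$alg"; then
            printf '%s\n' "$alg"
            break
        fi
    done
}

# host_stanza ALIAS ADDRESS KEX -> ssh_config(5) block matching alias and IP.
# The leading "+" appends to the client's default list instead of replacing it.
host_stanza() {
    printf 'Host %s %s\n' "$1" "$2"
    printf '  HostName %s\n' "$2"
    printf '  KexAlgorithms +%s\n' "$3"
}

# Constructed input: the error line from the thread and a shortened stand-in
# for the client's "ssh -Q kex" output (use supported=$(ssh -Q kex) for real).
err='Unable to negotiate with 15.1.1.15 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'
supported='curve25519-sha256
diffie-hellman-group14-sha256
diffie-hellman-group1-sha1'

kex=$(pick_kex "$err" "$supported")
if [ -n "$kex" ]; then
    host_stanza oldredhat "$(peer_addr "$err")" "$kex"   # alias is hypothetical
else
    echo "client supports none of the offered KEX methods" >&2
fi
```

Append the printed stanza to ~/.ssh/config; every other host keeps the client's default key exchange list. If the connection then stops on a host key type or cipher mismatch, ssh prints a separate "Their offer:" line for that setting.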
 