I’m having a problem logging in to server “taylor” (shared account) via SSH. It used to be fine; I don’t know when it changed. If I use PuTTY, I can get in. It shows Kex Algorithms as follows:
Outgoing packet type 20 / 0x14 (SSH2_MSG_KEXINIT) ~diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1, diffie-hellman-group1-sha1,ssh-rsa,ss...
I’d like to be able to use the diffie-hellman-group1-sha1 algorithm, which is the only one supported by both the server and my terminal client. Note that diffie-hellman-group14-sha1 is there. But when I connect in from a different client, this is what the server returns:
SSH2 server algorithm list: key exchange: email@example.com, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256
This is the same server and port 22, but a different list.
I added the following to my home folder but it didn’t help:
[taylor]$ cat .ssh/config
KexAlgorithms +diffie-hellman-group14-sha1
[taylor]$
Here is the KEX list from the server:
[taylor]$ ssh -Q kex | more
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group1-sha1
firstname.lastname@example.org
[taylor]$
It seems some of them go to PuTTY, others go to my other emulator, and I don’t know how to control either one. Note again, the server isn’t sending what the client will accept. The server sends its list first, and then the client offers its list for negotiation. So something is making the decision for the server to send specific subsets from the whole list.
Hmm, this is interesting, as I’m checking my note here I see that diffie-hellman-group1-sha1 is in that last list twice. I thought that might be due to my config file, but I commented that out, exited, came back in, and the list is the same. I wonder if that’s a factor?
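Added example, not part of the original post: the key-exchange selection rule from RFC 4253, section 7.1, applied to the two KEX lists quoted above. The second client's list (`LEGACY_CLIENT_KEX`) is an assumption taken from the post's statement that it supports only diffie-hellman-group1-sha1; the function and variable names are illustrative.

```python
"""SSH key-exchange algorithm selection as specified in RFC 4253, section 7.1."""


def parse_name_list(raw):
    """Split a comma-separated SSH name-list and drop stray whitespace."""
    return [name.strip() for name in raw.split(",") if name.strip()]


def negotiate_kex(client_list, server_list):
    """Return the first client algorithm that the server also lists, else None.

    The client's order decides the outcome; the server's order does not.
    The extra RFC conditions on host-key capabilities are not modelled here.
    """
    server_set = set(server_list)
    for name in client_list:
        if name in server_set:
            return name
    return None  # no common algorithm: the connection attempt fails


# KEX names PuTTY offered, copied from the post.
PUTTY_KEX = parse_name_list(
    "diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1,"
    "diffie-hellman-group14-sha1, diffie-hellman-group1-sha1"
)
# List the server advertised to the other client, copied from the post.
# The first entry is kept exactly as it appears on the page.
SERVER_KEX = parse_name_list(
    "email@example.com, ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
    "ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256"
)
# Assumption: the second client offers only the legacy group1 method.
LEGACY_CLIENT_KEX = ["diffie-hellman-group1-sha1"]


def report():
    """Negotiation result for each client against the advertised server list."""
    return {
        "putty": negotiate_kex(PUTTY_KEX, SERVER_KEX),
        "legacy": negotiate_kex(LEGACY_CLIENT_KEX, SERVER_KEX),
    }


if __name__ == "__main__":
    for client, chosen in report().items():
        print(f"{client}: {chosen or 'no matching key exchange method'}")
```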