Bug#952687: openssh-server: no connectivity with vx.connectbot: no matching key exchange method found (FYI documentation)
Package: openssh-server
Version: 1:8.2p1-3
Severity: wishlist
Tags: upstream wontfix
Feb 27 16:00:07 tglase-nb sshd[11219]: Unable to negotiate with 192.168.178.24 port 42930: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
This is vx.connectbot, a well-known Android SSH client.
To restore connectivity put…
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1
… into /etc/ssh/sshd_config and restart sshd. Note that this
will lower the security level of your server and probably not
work any more at some point in the future.
-- System Information:
Debian Release: bullseye/sid
APT prefers buildd-unstable
APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.4.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages openssh-server depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.73
ii dpkg 1.19.7
ii libaudit1 1:2.8.5-2+b1
ii libc6 2.29-10
ii libcom-err2 1.45.5-2
ii libcrypt1 1:4.4.10-10
ii libelogind0 [libsystemd0] 241.3-1+debian3
ii libgssapi-krb5-2 1.17-6
ii libkrb5-3 1.17-6
ii libpam-modules 1.3.1-5
ii libpam-runtime 1.3.1-5
ii libpam0g 1.3.1-5
ii libselinux1 3.0-1+b1
ii libssl1.1 1.1.1d-2
ii libwrap0 7.6.q-30
ii lsb-base 11.1.0
ii openssh-client 1:8.2p1-3
ii openssh-sftp-server 1:8.2p1-3
ii procps 2:3.3.16-2
ii runit-helper 2.8.14
ii ucf 3.0038+nmu1
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages openssh-server recommends:
ii libpam-elogind [logind] 241.3-1+debian3
pn ncurses-term <none>
ii xauth 1:1.0.10-1
Versions of packages openssh-server suggests:
ii kwalletcli [ssh-askpass] 3.02-1
ii molly-guard 0.7.2
pn monkeysphere <none>
pn ufw <none>
-- Configuration Files:
/etc/ssh/moduli changed [not included]
-- debconf information:
openssh-server/permit-root-login: true
* ssh/use_old_init_script: true
openssh-server/password-authentication: true
ssh/disable_cr_auth: false
ssh/encrypted_host_key_but_no_keygen:
ssh/vulnerable_host_keys:
Reply to: