On 12/02/2023 18:51, Felix Hädicke wrote:
As far as I can tell there is no way of configuring openssh to avoid using gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==.It is possible with option "GSSAPIKexAlgorithms", see man page for ssh_config / sshd_config.
Well, I feel like a bit of an idiot for missing that, thanks for the tip.
However, the default for GSSAPIKexAlgorithms should be adjusted. See patch: https://github.com/felixhaedicke/openssh/commit/11244c7dd5fb5a8d8ecf07016e0d7afff982f0a3.diff
Seems reasonable to me. -- John Hughes, CalvaEDI -- an Esker company.