
Re: ssh Problem using it for SFTP



Hi, Steve.

On 14/01/16 13:10, Steve Matzura wrote:

> Failing connection:
> (...)
> no matching cipher found: client
> aes192-cbc,3des-cbc,blowfish-cbc,aes128-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,des-cbc,des-cbc@ssh.com
> server
> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com

> The rest of the lines show connection run-down, omitted.

Hmmmm... Maybe you could fix this by allowing users to choose between
SHA1 and SHA2 hash functions.

Since the openssh-server version used in Jessie (and presumably the
upstreams of SSHD) now has diffie-hellman-group1-sha1 disabled, this
means that connections from some clients could fail. A workaround would
be to add the following in /etc/ssh/sshd_config:

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

But at some point I think the support for diffie-hellman-group1-sha1
will completely disappear instead of being disabled by default.

I hope this helps.

Best regards,
Daniel
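
Added example, not part of the original message: a short Python diagnostic that parses the negotiation failure quoted in this thread and applies the RFC 4253 selection rule (the first algorithm on the client's list that the server also offers) to the two lists. The function names and the joined SAMPLE string are constructed for illustration.

```python
import re

# Constructed input: the wrapped lines quoted in this thread, joined into one string.
SAMPLE = (
    "no matching cipher found: client "
    "aes192-cbc,3des-cbc,blowfish-cbc,aes128-cbc,aes256-cbc,rijndael128-cbc,"
    "rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,des-cbc,"
    "des-cbc@ssh.com server "
    "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,"
    "aes256-gcm@openssh.com,chacha20-poly1305@openssh.com"
)

# Matches the message form quoted above; other sshd versions word it differently.
PATTERN = re.compile(
    r"no matching (?P<kind>\w+) found: client (?P<client>\S+) server (?P<server>\S+)"
)

def parse_failure(text):
    """Return (kind, client_list, server_list), or None if no failure line is found.
    Mail quote markers ("> ") and line wrapping are removed before matching."""
    flat = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    m = PATTERN.search(flat)
    if m is None:
        return None
    return m["kind"], m["client"].split(","), m["server"].split(",")

def negotiate(client, server):
    """RFC 4253 section 7.1: first entry of the client's list the server also offers."""
    offered = set(server)
    return next((alg for alg in client if alg in offered), None)

def diagnose(text):
    """Summarise why negotiation failed: what each side offers that the other lacks."""
    parsed = parse_failure(text)
    if parsed is None:
        return None
    kind, client, server = parsed
    return {
        "kind": kind,
        "agreed": negotiate(client, server),
        "client_only": [a for a in client if a not in server],
        "server_only": [a for a in server if a not in client],
        "client_all_cbc": all("-cbc" in a for a in client),
    }

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE).items():
        print(f"{key}: {value}")
```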
