
Re: ssh Problem using it for SFTP



It helps to explain things, Daniel, but truly, the client in question
is horrendously out of date and deprecated for all secure intents and
purposes; I'm quite happy to retire it from active support on my
server.

On Sat, 16 Jan 2016 15:19:33 -0300, you wrote:

>Hi, Steve.
>
>On 14/01/16 13:10, Steve Matzura wrote:
>
>> Failing connection:
>> (...)
>> no matching cipher found: client
>> aes192-cbc,3des-cbc,blowfish-cbc,aes128-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,des-cbc,des-cbc@ssh.com
>> server
>> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
>
>> The rest of the lines show connection run-down, omitted.
>
>Hmmmm... Maybe you could fix this by allowing users to choose between
>SHA1 and SHA2 hash functions.
>
>Since the openssh-server version used in Jessie (and presumably the
>upstreams of SSHD) now has diffie-hellman-group1-sha1 disabled, this
>means that connections from some clients could fail. A workaround would be to
>add the following in /etc/ssh/sshd_config:
>
>KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>
>But at some point I think the support for diffie-hellman-group1-sha1
>will completely disappear instead of being disabled by default.
>
>I hope this helps.
>
>Best regards,
>Daniel
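
The negotiation failure quoted in this thread, worked through as an added example that is not part of either message: per RFC 4253 section 7.1 the cipher chosen is the first name on the client's list that the server also offers, and the two quoted lists share none. The function names are hypothetical, and the sample line is the thread's output with its wrapped lines rejoined.

```python
import re

# The failure message from the thread, wrapped lines rejoined into one line.
SAMPLE_LOG = (
    "no matching cipher found: client "
    "aes192-cbc,3des-cbc,blowfish-cbc,aes128-cbc,aes256-cbc,"
    "rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,"
    "rijndael-cbc@lysator.liu.se,des-cbc,des-cbc@ssh.com "
    "server "
    "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,"
    "aes256-gcm@openssh.com,chacha20-poly1305@openssh.com"
)

# Matches the message shape shown in the thread; "kind" is "cipher" there.
MISMATCH = re.compile(
    r"no matching (?P<kind>\S+) found: "
    r"client (?P<client>\S+) server (?P<server>\S+)"
)


def negotiate(client, server):
    """RFC 4253 section 7.1: the first name on the client's list that the
    server also lists wins; None means the connection cannot proceed."""
    offered = set(server)
    return next((name for name in client if name in offered), None)


def diagnose(line):
    """Parse one failure line and summarise why negotiation failed."""
    m = MISMATCH.search(line)
    if m is None:
        return None  # not a negotiation-failure line
    client = m.group("client").split(",")
    server = m.group("server").split(",")
    # Drop any "@domain" suffix before checking the cipher mode.
    cbc_only = all(n.split("@")[0].endswith("-cbc") for n in client)
    return {
        "kind": m.group("kind"),
        "client": client,
        "server": server,
        "agreed": negotiate(client, server),
        "client_cbc_only": cbc_only,
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```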

