You are not logged in.

#1 2018-10-10 17:40:03

TheColonel
Member
Registered: 2017-01-31
Posts: 8

[solved] SSH Client that works with legacy servers, SHA1 kex

I have a device that appears to be running a very old/limited version of dropbear SSH server from 2008 which seems to only support sha1 kex.  A while back OpenSSH disabled diffie-hellman-group1-sha1 kex support and I had to change to using dbclient, but a recent upgrade of the dropbear package seems to have disabled compatibility with that algo.

I've reverted to an older dropbear version for the moment, but are there any current clients that support sha1? Also checked zssh, which whill not support sha1 kex

Suggestions for other workaround are also welcome  - I can't update the server device though.

Last edited by TheColonel (2018-10-11 14:31:38)

Offline

#2 2018-10-10 22:23:08

bulletmark
Member
From: Brisbane, Australia
Registered: 2013-10-22
Posts: 414

Re: [solved] SSH Client that works with legacy servers, SHA1 kex

I had a similar issue but just added KexAlgorithms=+diffie-hellman-group1-sha1 to each of my affected hosts in my ~/.ssh/config.

Offline

#3 2018-10-11 14:31:21

TheColonel
Member
Registered: 2017-01-31
Posts: 8

Re: [solved] SSH Client that works with legacy servers, SHA1 kex

Ah, oops, I had done that previously but it turns out there was actually a cipher disabled by default at some point which I think is what actually got me to switch to dropbear.

I was able to move back to OpenSSH by enabling the cipher "Ciphers +aes256-cbc' in the host's config.

Offline

Board footer

Powered by FluxBB