SSH Legacy Key Algorithms

Sometimes you have kit that is simply old and doesn’t support the recent (and secure) key algorithms. If you need to connect to it, and have considered the security implications, you can use something like the command below.

The “-v” flag means verbose: when connecting you can see what the endpoint is offering, then adjust the algorithms and ciphers to suit your situation. Here’s an example:

ssh -v username@server1.domain.com -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -c aes256-cbc
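
The script below is an added example, not part of the original post: it turns the "Their offer" errors that ssh prints on a failed negotiation into an ssh_config stanza scoped to the one legacy host, so the weak algorithms are not enabled for every connection. The function names `legacy_stanza` and `sample_errors`, the address 192.0.2.10 and the sample error lines are constructed for illustration.

```shell
#!/bin/sh
# Build a host-scoped ssh_config stanza from OpenSSH negotiation errors.
# ssh stops at the first mismatch, so real output shows one error per attempt;
# the sample below collects the errors from three successive attempts.

legacy_stanza() {
    # $1 = Host pattern for the stanza; ssh error output is read from stdin.
    awk -v host="$1" '
        /no matching .* found\. Their offer: / {
            offer = $0
            sub(/.*Their offer: /, "", offer)   # keep only the offered list
            sub(/[ \r]+$/, "", offer)           # trim trailing whitespace
            if ($0 ~ /no matching key exchange method/) opt = "KexAlgorithms"
            else if ($0 ~ /no matching host key type/)  opt = "HostKeyAlgorithms"
            else if ($0 ~ /no matching cipher/)         opt = "Ciphers"
            else if ($0 ~ /no matching MAC/)            opt = "MACs"
            else next
            if (!(opt in seen)) order[++n] = opt
            seen[opt] = offer
        }
        END {
            if (n == 0) exit 1                  # nothing legacy was needed
            print "Host " host
            # "+" appends to the defaults, so modern algorithms stay preferred.
            # Trim each list to the strongest entry the device accepts.
            for (i = 1; i <= n; i++)
                printf "    %s +%s\n", order[i], seen[order[i]]
        }'
}

sample_errors() {
    # Constructed sample of ssh error output (not captured from a real device).
    cat <<'EOF'
Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Unable to negotiate with 192.0.2.10 port 22: no matching host key type found. Their offer: ssh-dss
Unable to negotiate with 192.0.2.10 port 22: no matching cipher found. Their offer: aes256-cbc,3des-cbc
EOF
}

sample_errors | legacy_stanza server1.domain.com
```
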

1 thought on “SSH Legacy Key Algorithms”

  1. If you need to ssh to older switches with a much newer version of ssh then you’ll need to add something like:

    Host *
    KexAlgorithms +diffie-hellman-group1-sha1
    HostkeyAlgorithms +ssh-dss,ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-dss,ssh-rsa
    Ciphers +aes256-cbc,3des-cbc

    to your ~/.ssh/config
