Bug 532280 - >=net-misc/openssh-6.7_p1 and newer versions disable diffie-hellman-group1-sha1 KexAlgorithm breaking dropbear
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo's Team for Core System packages
Reported: 2014-12-11 16:21 UTC by Francisco Blas Izquierdo Riera
Modified: 2015-03-17 03:27 UTC
Description Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2014-12-11 16:21:16 UTC
Starting from net-misc/openssh-6.7_p1, the default KexAlgorithm configuration drops diffie-hellman-group1-sha1; this will result in users getting a cryptic KEX-related error message from dropbear's ssh command.

Whilst the new default improves the protocol's security, this change should be warned about, as users may end up getting locked out of the system after upgrading the SSH server.

Reproducible: Always

Steps to Reproduce:
1. Upgrade the sshd
2. Restart it
3. Try to log in using dropbear
Actual Results:
Dropbear can't connect as it can't get a matching KEX algorithm

Expected Results:
Dropbear connects (or the user can change the settings as he got warned after the upgrade).
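The negotiation failure this report describes, as an added example that is not part of the bug report or of OpenSSH or dropbear: a model of RFC 4253 key-exchange selection, run with a server list modelled on the post-6.7 sshd default (an assumption; the report only says group1 was dropped) and a constructed legacy client list that offers only group1, plus the sshd_config line that re-adds the legacy method behind the hardened defaults.

```python
"""Model of SSH key-exchange negotiation (RFC 4253, section 7.1) for the failure in
this bug. Assumptions: SERVER_DEFAULT_KEX is modelled on the OpenSSH 6.7 sshd default
(not taken from the report); LEGACY_CLIENT_KEX is a constructed stand-in for an old
dropbear that offers only diffie-hellman-group1-sha1."""
from typing import List, Optional

LEGACY_KEX = "diffie-hellman-group1-sha1"

# Constructed: sshd default KEX name-list after the 6.7 change (group1 is gone).
SERVER_DEFAULT_KEX = [
    "curve25519-sha256@libssh.org",
    "ecdh-sha2-nistp256",
    "ecdh-sha2-nistp384",
    "ecdh-sha2-nistp521",
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1",
]

# Constructed: the kex name-list an old client sends in its KEXINIT.
LEGACY_CLIENT_KEX = [LEGACY_KEX]


def negotiate_kex(client_kex: List[str], server_kex: List[str]) -> Optional[str]:
    """RFC 4253 7.1 (host-key compatibility rule left out): the chosen method is the
    first entry on the client's list that the server also lists; None is the
    'no matching KEX algorithm' failure seen in this bug."""
    for alg in client_kex:
        if alg in server_kex:
            return alg
    return None


def effective_server_kex(config_value: Optional[str],
                         defaults: List[str] = SERVER_DEFAULT_KEX) -> List[str]:
    """Resolve an sshd_config 'KexAlgorithms' value to the list sshd would offer:
    no value keeps the defaults, a comma-separated list replaces them wholesale."""
    if config_value is None:
        return list(defaults)
    return [a.strip() for a in config_value.split(",") if a.strip()]


def legacy_client_can_connect(config_value: Optional[str]) -> bool:
    """Would the constructed legacy client find a common KEX under this config?"""
    return negotiate_kex(LEGACY_CLIENT_KEX, effective_server_kex(config_value)) is not None


def opt_in_config_line(defaults: List[str] = SERVER_DEFAULT_KEX) -> str:
    """Mitigation line: hardened defaults stay first and group1 is appended last, so
    modern clients still pick a stronger method and only legacy ones fall through."""
    return "KexAlgorithms " + ",".join(defaults + [LEGACY_KEX])
```

Because selection follows the client's preference order, adding group1 at the end of the server list changes nothing for a client that lists a modern method first.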
Comment 1 Mike Gilbert gentoo-dev 2014-12-11 16:44:39 UTC
It seems to work fine with dbclient from dropbear-2014.66.

% dbclient localhost

Host 'localhost' is not in the trusted hosts file.
(ecdsa-sha2-nistp256 fingerprint md5 23:81:4e:3c:af:17:d9:d5:1a:30:e5:ff:5a:37:2b:dd)
Do you want to continue connecting? (y/n) y
Comment 2 Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2014-12-11 18:00:57 UTC
The issue was reported with dropbear 0.53 from an embedded router running dd-wrt v24.

Sorry for the missing info.
Comment 3 SpanKY gentoo-dev 2014-12-31 07:37:31 UTC
(In reply to Francisco Blas Izquierdo Riera from comment #2)

that version is almost 4 years old. I'm not sure if it makes sense to try and list/maintain compatibility with random old versions of software. we don't do it with other packages (albeit, most other packages don't provide remote connection services like openssh).
Comment 4 SpanKY gentoo-dev 2015-03-17 03:27:20 UTC
that version of openwrt was marked as broken by upstream ... newer openwrt versions seem to work fine