Summary: | net-misc/openssh - ssh fails to connect to Cisco systems with diffie-hellman-group-exchange-sha1 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | coyote <viking-coyote> |
Component: | [OLD] Core system | Assignee: | Gentoo's Team for Core System packages <base-system> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | zbox |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugzilla.redhat.com/show_bug.cgi?id=1026430 https://bugzilla.redhat.com/show_bug.cgi?id=1053107 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
coyote
2014-04-11 12:07:03 UTC
Similar problem, but slightly different ending: debug2: peer server KEXINIT proposal debug2: KEX algorithms: diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa,ssh-dss debug2: ciphers ctos: aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc debug2: ciphers stoc: aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-md5 debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-md5 debug2: compression ctos: none debug2: compression stoc: none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: diffie-hellman-group1-sha1 debug1: kex: host key algorithm: ssh-rsa debug1: REQUESTED ENC.NAME is 'aes128-cbc' debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none debug1: REQUESTED ENC.NAME is 'aes128-cbc' debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none debug1: sending SSH2_MSG_KEXDH_INIT debug2: bits set: 520/1024 debug1: expecting SSH2_MSG_KEXDH_REPLY Connection reset by 192.168.1.1 port 22 net-misc/openssh-7.9_p1-r4 Dropbear sshd v0.50 on the other end. Workaround from the comment 0 works. On Fedora 29 it's working nearly out of the box just the KexAlgorithms +diffie-hellman-group1-sha1 is needed. On gentoo all the options from the workaround have to be used. |