Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
faq:tcpip [2016/09/13 12:01] – [Ports] Added scanmyports.ssjs to cvs.synchro.net too. digital man | faq:tcpip [2018/02/17 19:55] – [SSH Kex Algo] updated to mention cryptlib 3.4.4 and issue with .ssh/config work-around if left in place digital man | ||
---|---|---|---|
Line 14: | Line 14: | ||
* [[# | * [[# | ||
* [[# | * [[# | ||
+ | * [[# | ||
===== Ports ===== | ===== Ports ===== | ||
Line 289: | Line 290: | ||
:!: **Answer: | :!: **Answer: | ||
Yes, see [[howto: | Yes, see [[howto: | ||
+ | |||
+ | ===== SSH Kex Algo ===== | ||
+ | :?: **Question: | ||
+ | Why do some SSH clients (e.g. [[http:// | ||
+ | |||
+ | Example: | ||
+ | $ ssh vert.synchro.net | ||
+ | $ Received disconnect from 71.95.196.34: | ||
+ | | ||
+ | or: | ||
+ | Unable to negotiate with legacyhost: no matching key exchange method found. | ||
+ | Their offer: diffie-hellman-group1-sha1 | ||
+ | |||
+ | :!: **Answer: | ||
+ | |||
+ | //**NOTE: This has been fixed in CVS now.**// | ||
+ | |||
+ | Synchronet uses [[http:// | ||
+ | |||
+ | From the OpenSSH [[http:// | ||
+ | > OpenSSH implements all of the cryptographic algorithms needed for compatibility with standards-compliant SSH implementations, | ||
+ | |||
+ | Workarounds for OpenSSH: | ||
+ | |||
+ | $ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@yourbbs.com | ||
+ | |||
+ | or in the '' | ||
+ | |||
+ | Host yourbbs.com | ||
+ | KexAlgorithms diffie-hellman-group1-sha1 | ||
+ | | ||
+ | **Note:** | ||
+ | If you created this file to work-around the cryptlib v3.4.2 compatibility issue, you will need to remove this file or modify it after updating to cryptlib v3.4.4 | ||
+ | |||
+ | or in the '' | ||
+ | |||
+ | Host yourbbs.com | ||
+ | KexAlgorithms +diffie-hellman-group1-sha1 | ||
+ | |||
+ | Note: Run '' | ||
+ | |||
+ | :!: **Answer: | ||
+ | Another observed problem is with the negotiated Message Authentication Code (MAC) algorithm. | ||
+ | |||
+ | Workaround for OpenSSH (reported by nelgin): | ||
+ | |||
+ | $ ssh -m hmac-md5 user@yourbbs.com | ||