Differences
This shows you the differences between two versions of the page.
faq:tcpip [2019/01/17 16:17] – [FTP NAT] Fixed typos. Removed stale info. digital man | faq:tcpip [2019/04/02 13:51] – Added ssh cipher algo work-around digital man | ||
---|---|---|---|
Line 14: | Line 14: | ||
* [[# | * [[# | ||
* [[# | * [[# | ||
- | * [[#ssh_kex_algo|Why do some SSH clients fail to connect to my BBS]]? | + | * [[#ssh_algo|Why do some SSH clients fail to connect to my BBS]]? |
* [[# | * [[# | ||
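Review bot: The table-of-contents link is retargeted from #ssh_kex_algo to #ssh_algo, but the old anchor does not go away, because the next hunk adds a "==== SSH Kex Algo ====" subheading under the renamed section. Existing deep links to #ssh_kex_algo will therefore still resolve, but they will land on the key-exchange subsection and skip both the question and the new general answer. If those links should reach the top of the answer, give the subsection a title that does not reproduce the old anchor, or update the places that link here.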
Line 296: | Line 296: | ||
Yes, see [[howto: | Yes, see [[howto: | ||
- | ===== SSH Kex Algo ===== | + | ===== SSH Algo ===== |
:?: **Question: | :?: **Question: | ||
Why do some SSH clients (e.g. [[http:// | Why do some SSH clients (e.g. [[http:// | ||
+ | |||
+ | :!: **Answer: | ||
+ | SSH supports a variety of cryptographic algorithms for encryption (privacy), integrity (mac) and authentication (key-exchange). As stronger algorithms are introduced, older (less-strong) algorithms are deprecated. As a result, when using a newer version of any SSH client (especially OpenSSH), it may fail to connect to SSH servers which only support less-than-the-strongest (newest) algorithms. There is no permanent solution to this issue as cryptographic algorithms are constantly improving (becoming stronger) and older (weaker) algorithms are going out of favor. | ||
+ | |||
+ | |||
+ | ==== SSH Cipher Algo ==== | ||
+ | |||
+ | Example: | ||
+ | $ ssh vert.synchro.net | ||
+ | Unable to negotiate with vert.synchro.net port 22: no matching cipher found. Their offer: aes128-cbc, | ||
+ | | ||
+ | Workarounds for OpenSSH: | ||
+ | |||
+ | $ ssh -c aes128-cbc user@yourbbs.com | ||
+ | | ||
+ | or in the '' | ||
+ | |||
+ | Host yourbbs.com | ||
+ | Ciphers aes128-cbc | ||
+ | | ||
+ | ==== SSH Kex Algo ==== | ||
Example: | Example: | ||
$ ssh vert.synchro.net | $ ssh vert.synchro.net | ||
- | | + | Received disconnect from 71.95.196.34: |
| | ||
or: | or: | ||
Unable to negotiate with legacyhost: no matching key exchange method found. | Unable to negotiate with legacyhost: no matching key exchange method found. | ||
Their offer: diffie-hellman-group1-sha1 | Their offer: diffie-hellman-group1-sha1 | ||
- | |||
- | :!: **Answer: | ||
- | |||
- | //**NOTE: This has been fixed in CVS now.**// | ||
- | |||
- | Synchronet uses [[http:// | ||
From the OpenSSH [[http:// | From the OpenSSH [[http:// | ||
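Review bot: In the added config-file workaround, "Ciphers aes128-cbc" replaces the client's whole cipher list for that host, so the client will offer only the CBC cipher even after the server gains a stronger one. OpenSSH accepts a leading "+" in this option to append to its defaults, so "Ciphers +aes128-cbc" inside the same "Host yourbbs.com" block keeps the stronger ciphers preferred and still lets the connection succeed; keeping the setting inside the Host block, as the patch does, is the right scope and is worth a sentence saying so. Separately, the new answer paragraph describes key exchange as "authentication (key-exchange)": key exchange establishes the shared session keys, while authentication is a distinct step, so the parenthetical would read more accurately as key agreement.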
Line 336: | Line 351: | ||
Note: Run '' | Note: Run '' | ||
- | :!: **Answer: | + | ==== SSH MAC Algo ==== |
Another observed problem is with the negotiated Message Authentication Code (MAC) algorithm. | Another observed problem is with the negotiated Message Authentication Code (MAC) algorithm. | ||