Differences
This shows you the differences between two versions of the page.
faq:tcpip [2019/01/17 16:17] – [FTP NAT] Fixed typos. Removed stale info. digital man | faq:tcpip [2020/02/13 23:41] – [SSH Kex Algo] Mention that aes128-ctr and aes256-ctr are supported now. deuce | ||
---|---|---|---|
Line 14: | Line 14: | ||
* [[# | * [[# | ||
* [[# | * [[# | ||
- | * [[#ssh_kex_algo|Why do some SSH clients fail to connect to my BBS]]? | + | * [[#ssh_algo|Why do some SSH clients fail to connect to my BBS]]? |
* [[# | * [[# | ||
Line 296: | Line 296: | ||
Yes, see [[howto: | Yes, see [[howto: | ||
- | ===== SSH Kex Algo ===== | + | ===== SSH Algo ===== |
:?: **Question: | :?: **Question: | ||
Why do some SSH clients (e.g. [[http:// | Why do some SSH clients (e.g. [[http:// | ||
+ | |||
+ | :!: **Answer: | ||
+ | SSH supports a variety of cryptographic algorithms for encryption (privacy), integrity (mac) and authentication (key-exchange). As stronger algorithms are introduced, older (less-strong) algorithms are deprecated. As a result, when using a newer version of any SSH client (especially OpenSSH), it may fail to connect to SSH servers which only support less-than-the-strongest (newest) algorithms. There is no permanent solution to this issue as cryptographic algorithms are constantly improving (becoming stronger) and older (weaker) algorithms are going out of favor. | ||
+ | |||
+ | |||
+ | ==== SSH Cipher Algo ==== | ||
Example: | Example: | ||
$ ssh vert.synchro.net | $ ssh vert.synchro.net | ||
- | | + | |
| | ||
- | or: | + | Workarounds for OpenSSH: |
- | Unable to negotiate with legacyhost: no matching key exchange method found. | + | |
- | Their offer: diffie-hellman-group1-sha1 | + | |
- | :!: **Answer: | + | $ ssh -c aes128-cbc user@yourbbs.com |
+ | |||
+ | or in the '' | ||
- | //**NOTE: This has been fixed in CVS now.**// | + | Host yourbbs.com |
+ | Ciphers aes128-cbc | ||
+ | |||
+ | ==== SSH Kex Algo ==== | ||
- | Synchronet uses [[http://www.cs.auckland.ac.nz/ | + | Should be fixed as of Fri Feb 14 07:37:04 2020 UTC |
+ | aes128-ctr and aes256-ctr support was added. | ||
+ | |||
+ | Example: | ||
+ | $ ssh vert.synchro.net | ||
+ | Received disconnect from 71.95.196.34: 2: Handshake failed | ||
+ | |||
+ | or: | ||
+ | Unable to negotiate with legacyhost: no matching | ||
+ | Their offer: diffie-hellman-group1-sha1 | ||
From the OpenSSH [[http:// | From the OpenSSH [[http:// | ||
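Review bot: The two status lines added under "==== SSH Kex Algo ====" ("Should be fixed as of Fri Feb 14 07:37:04 2020 UTC" and "aes128-ctr and aes256-ctr support was added.") are about ciphers, not key-exchange methods, so in their current position they read as if the "no matching ... Their offer: diffie-hellman-group1-sha1" failure shown right below them had been resolved. Move both lines up under "==== SSH Cipher Algo ====", next to the "ssh -c aes128-cbc" workaround, and state there that the workaround is only needed for servers without the CTR support, so readers do not keep a CBC cipher pinned in their client config longer than necessary. In the new general answer, "authentication (key-exchange)" also conflates two things: key exchange establishes the session keys, while authentication is done with host and user keys; "key agreement (key-exchange)" would be more accurate.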
Line 336: | Line 354: | ||
Note: Run '' | Note: Run '' | ||
- | :!: **Answer: | + | ==== SSH MAC Algo ==== |
Another observed problem is with the negotiated Message Authentication Code (MAC) algorithm. | Another observed problem is with the negotiated Message Authentication Code (MAC) algorithm. | ||
Line 352: | Line 371: | ||
Rename/move or delete your '' | Rename/move or delete your '' | ||
+ | If you're using TLS for your other [[server: | ||
+ | |||
+ | These files ('' | ||
===== See Also ===== | ===== See Also ===== | ||
* [[: | * [[: |