Walter Harms wrote: > This is caused by changes in ssh_config. You can try: > ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 USER@TARGET > > or persistent in ssh_config > KexAlgorithms=+diffie-hellman-group1-sha1 > > your mileage may vary etc. > > re, > wh
Thanks! This advice has shown me how to connect directly to an old OpenSSH server again (not Dropbear), instead of via intermediate hops on intermediate servers :) However after reading [1] I decided a safer kex is diffie-hellman-group14-sha1 (group14 instead of group1). Mentioning this in case it's also an option for old Dropbear/OpenWRT users. [1] https://tools.ietf.org/id/draft-ietf-curdle-ssh-kex-sha2-09.html#rfc.section.3.4 "Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)". Best, -- Jamie
