Bug#952687: openssh-server: no connectivity with vx.connectbot: no matching key exchange method found (FYI documentation)

Thu, 27 Feb 2020 07:09:28 -0800 

Package: openssh-server
Version: 1:8.2p1-3
Severity: wishlist
Tags: upstream wontfix

Feb 27 16:00:07 tglase-nb sshd[11219]: Unable to negotiate with 192.168.178.24 
port 42930: no matching key exchange method found. Their offer: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 [preauth]

This is vx.connectbot, a well-known Android SSH client.

To restore connectivity put…

KexAlgorithms 
curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1

… into /etc/ssh/sshd_config and restart sshd. Note that this
will lower the security level of your server and probably not
work any more at some point in the future.

-- System Information:
Debian Release: bullseye/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages openssh-server depends on:
ii  adduser                    3.118
ii  debconf [debconf-2.0]      1.5.73
ii  dpkg                       1.19.7
ii  libaudit1                  1:2.8.5-2+b1
ii  libc6                      2.29-10
ii  libcom-err2                1.45.5-2
ii  libcrypt1                  1:4.4.10-10
ii  libelogind0 [libsystemd0]  241.3-1+debian3
ii  libgssapi-krb5-2           1.17-6
ii  libkrb5-3                  1.17-6
ii  libpam-modules             1.3.1-5
ii  libpam-runtime             1.3.1-5
ii  libpam0g                   1.3.1-5
ii  libselinux1                3.0-1+b1
ii  libssl1.1                  1.1.1d-2
ii  libwrap0                   7.6.q-30
ii  lsb-base                   11.1.0
ii  openssh-client             1:8.2p1-3
ii  openssh-sftp-server        1:8.2p1-3
ii  procps                     2:3.3.16-2
ii  runit-helper               2.8.14
ii  ucf                        3.0038+nmu1
ii  zlib1g                     1:1.2.11.dfsg-2

Versions of packages openssh-server recommends:
ii  libpam-elogind [logind]  241.3-1+debian3
pn  ncurses-term             <none>
ii  xauth                    1:1.0.10-1

Versions of packages openssh-server suggests:
ii  kwalletcli [ssh-askpass]  3.02-1
ii  molly-guard               0.7.2
pn  monkeysphere              <none>
pn  ufw                       <none>

-- Configuration Files:
/etc/ssh/moduli changed [not included]

-- debconf information:
  openssh-server/permit-root-login: true
* ssh/use_old_init_script: true
  openssh-server/password-authentication: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:
  ssh/vulnerable_host_keys:

Reply via email to