On Mon, 11 Mar 2019 08:43:52 +0000, Mick wrote: > > Try without the +, that works for me here. I have an appliance that > > uses outdated algorithms and this config works for me > > > > Host 1.2.3.4 > > Ciphers 3des-cbc > > KexAlgorithms diffie-hellman-group1-sha1 > > HostKeyAlgorithms ssh-dss > > As I understand it the "+" merely adds one more cipher to the > collection. This is probably safer. If the server has been updated and > non-legacy key exchange algorithms are now available they can be used. > Without "+" the directive for the client is exclusive: only use this > algorithm and nothing else.
That's how I read it, but it says it appends to the list, so this is the last option tried, while an earlier one could possibly be triggering the failure. With + would be better, but it would be worth trying without. -- Neil Bothwick "" " """ " "" " """ <-- random quotes
pgpum6cP4udJj.pgp
Description: OpenPGP digital signature
