Hi Steve, At 2023-02-19T20:04:50+0000, Steve Ross wrote: > On Sunday, February 19, 2023 at 11:30:49 AM CST, G. Branden Robinson > <g.branden.robin...@gmail.com> wrote: > > Thanks for pointing this out. I've used it over the past week or so > > to improve outcomes on macOS and Solaris 11 hosts. I wasn't able to > > access the Solaris 10 system because it and my Debian bullseye > > system don't appear to have any hash algorithms in common that would > > enable an SSH connection. > > At least on my Fedora system, a failed connection attempt with "ssh" > suggests alternatives for algorithms that you can then specify to the > "ssh" client on a second attempt: > > $ ssh myserver.example.com > Unable to negotiate with 1.2.3.4 port 22: no matching host key type > found. Their offer: ssh-rsa,ssh-dss > $ ssh -o HostKeyAlgorithms=+ssh-rsa myserver.example.com
Yup, I've seen this before, too. Unfortunately that's not (precisely) the feedback I get. $ ssh gbran...@gcc210.fsffrance.org Unable to negotiate with 213.178.77.185 port 22: no matching key exchange method found. Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 I get 'Bad key types' error messages from my ssh client for each of these if I try to use them following your example. It's my understanding that several key exchange protocols have been retired over the past 10-15 years as they have shown weaknesses to attack. Perhaps Solaris 10 SSH and Debian bullseye OpenSSH no longer have any in common. Regards, Branden
signature.asc
Description: PGP signature