Feature #5283
closed
SunSSH client kex algorithms incompatible with OpenSSH 6.7 server by default
0%
Description
SunSSH client cannot connect to an OpenSSH 6.7 sshd with default settings (eg. OpenBSD 5.6) due to tightened defaults:
% ssh openbsd56machine
no common kex alg: client 'diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1', server 'curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1'
sshd_config changes can work around this of course.
Related issues
Updated by Preston Marshall over 8 years ago
It looks like this is going to require adding support for some key exchange algorithms in SunSSH, which I'm not sure is a minor task. I ran across this issue trying to secure my SSH client on OS X, as SunSSH only supports a few key exchange algorithms, all of which this recommends disabling.
Updated by Lauri Tirkkonen over 8 years ago
Preston Marshall wrote:
It looks like this is going to require adding support for some key exchange algorithms in SunSSH, which I'm not sure is a minor task. I ran across this issue trying to secure my SSH client on OS X, as SunSSH only supports a few key exchange algorithms, all of which this recommends disabling.
As I understand it some work is already being done in #5414. There's been some discussion on the developer list too.
Updated by Yuri Pankov over 6 years ago
- Status changed from New to Feedback
SunSSH is no more, nothing to fix?
Updated by Lauri Tirkkonen over 6 years ago
- Status changed from Feedback to Closed
Yuri Pankov wrote:
SunSSH is no more, nothing to fix?
Right.