arthepsy / ssh-audit

SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License

algorithm recommendations for OpenSSH 6.7 #28

Open takenek opened 7 years ago

takenek commented 7 years ago

Hello, I scanned my Debian 8 with OpenSSH version SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 and I get this recommendation:

algorithm recommendations (for OpenSSH 6.7)

(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
(rec) -ssh-dss -- key algorithm to remove

But how do I remove these algorithms? I can't use HostKeyAlgorithms ssh-rsa,rsa-sha2-512,rsa-sha2-256 because HostKeyAlgorithms is only supported on OpenSSH 7.0+.

Best Regards TaKeN

scolby33 commented 7 years ago

I had success by commenting out the HostKey /etc/ssh/ssh_host_ecdsa directive. I didn't have the issue with ssh-dss, but there might be a HostKey for that as well.

graysky2 commented 6 years ago

@takenek - I'm no expert but I am using the following in /etc/ssh/sshd_config on another distro:

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
MACs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
#Ciphers
HostKeyAlgorithms ssh-rsa,rsa-sha2-256,rsa-sha2-512

takenek commented 6 years ago

@graysky2 Is this for OpenSSH 6.7? I just put in your config and got this:

Oct 11 09:40:10 zabbix sshd[41017]: /etc/ssh/sshd_config line 89: Bad SSH2 KexAlgorithms 'curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512'.

And most importantly, "HostKeyAlgorithms" is not supported in OpenSSH <7.0, so you can't use this on an old Linux distro.
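The two approaches in this thread (scolby33's: drop the HostKey directives for the unwanted key types, which works on any version; graysky2's: pin HostKeyAlgorithms, which takenek reports only works on 7.0+) can be combined into a small config-checking script. The following is an added example, not part of the issue and not ssh-audit's own code. It parses the server banner from the thread to decide which directive set the sshd version accepts, flags active HostKey lines pointing at DSA/ECDSA key files, and emits a hardened copy of the config. The sample sshd_config is constructed for the example; the key file names are the conventional Debian ones and the HostKeyAlgorithms list is the one graysky2 posted.

```python
import re

# Constructed sample sshd_config (not from the issue) with the usual Debian host keys.
SAMPLE_SSHD_CONFIG = """\
Port 22
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
"""

# Host key files whose types ssh-audit told takenek to remove (ssh-dss, ecdsa-sha2-nistp256).
WEAK_HOSTKEY_FILES = ("ssh_host_dsa_key", "ssh_host_ecdsa_key")

# The HostKeyAlgorithms value graysky2 posted in the thread.
THREAD_HOSTKEY_ALGS = "HostKeyAlgorithms ssh-rsa,rsa-sha2-256,rsa-sha2-512"

BANNER_RE = re.compile(r"^SSH-2\.0-OpenSSH_(\d+)\.(\d+)")


def openssh_version(banner):
    """Return (major, minor) from an OpenSSH banner string, or None if it is not OpenSSH."""
    m = BANNER_RE.match(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def supports_hostkeyalgorithms(banner):
    """Per the thread, sshd only accepts the HostKeyAlgorithms directive from 7.0 onwards."""
    version = openssh_version(banner)
    return version is not None and version >= (7, 0)


def weak_hostkey_lines(config_text):
    """Return 1-based line numbers of active (uncommented) HostKey lines for DSA/ECDSA keys."""
    hits = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "hostkey":
            if any(name in parts[1] for name in WEAK_HOSTKEY_FILES):
                hits.append(lineno)
    return hits


def harden_config(config_text, banner):
    """Comment out weak HostKey lines (works on any version); on 7.0+ also pin HostKeyAlgorithms."""
    weak = set(weak_hostkey_lines(config_text))
    out = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        # Commenting the directive out removes the key type from the server's offer,
        # which is what scolby33 did for the ecdsa key.
        out.append("#" + line if lineno in weak else line)
    if supports_hostkeyalgorithms(banner):
        out.append(THREAD_HOSTKEY_ALGS)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    banner = "SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3"  # takenek's banner from the issue
    print("weak HostKey lines:", weak_hostkey_lines(SAMPLE_SSHD_CONFIG))
    print(harden_config(SAMPLE_SSHD_CONFIG, banner))
```

After writing the hardened file, run `sshd -t -f /path/to/new_sshd_config` before reloading the service; that is the same parse that produced the "Bad SSH2 KexAlgorithms" error above, and running it first keeps a bad directive from taking the server down. Re-running ssh-audit against the host then confirms that ecdsa-sha2-nistp256 and ssh-dss are no longer offered.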