
SSH

Some tips and tricks using SSH to access local and remote devices.

Configuration for “Old” ciphers

When connecting to “old” devices, such as Cisco devices running an old IOS release, you can get a message like this one:

Unable to negotiate with 10.0.0.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
alpine-0:~$ 

You can change your default SSH client configuration by editing /etc/ssh/ssh_config and uncommenting the following lines to accept specific cipher algorithms:

Host *
   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc

and you can add the following line for legacy key exchange algorithms:

# Legacy changes
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
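Both settings above sit under `Host *`, so they re-enable the legacy algorithms for every connection the client makes. The following is an added example, not code from the original page: it parses the “Unable to negotiate” message quoted above and emits a `Host` block for that one device only, listing just the algorithms the device offered and using the `+` prefix, which appends to the client's default list instead of replacing it (supported by OpenSSH in the 7.x series and later). The two sample error lines are constructed from the message above (the second one is invented to show a cipher failure on a non-standard port), and the preference ranking is this example's own, not from the page.

```python
import re
from collections import OrderedDict

# Constructed sample lines, modelled on the error quoted on the page; the
# second one is made up to show a cipher failure from another device.
SAMPLE_ERRORS = [
    "Unable to negotiate with 10.0.0.11 port 22: no matching key exchange "
    "method found. Their offer: diffie-hellman-group-exchange-sha1,"
    "diffie-hellman-group14-sha1",
    "Unable to negotiate with 10.0.0.12 port 2222: no matching cipher found. "
    "Their offer: aes128-cbc,3des-cbc",
]

# ssh_config keyword that governs each kind of negotiation failure.
KEYWORD_FOR = {
    "key exchange method": "KexAlgorithms",
    "cipher": "Ciphers",
    "MAC": "MACs",
    "host key type": "HostKeyAlgorithms",
}

# This example's own preference order, strongest first, for the legacy
# algorithms such devices tend to offer; anything unlisted sorts last.
PREFERENCE = [
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group1-sha1",
    "aes256-ctr", "aes192-ctr", "aes128-ctr",
    "aes256-cbc", "aes192-cbc", "aes128-cbc",
    "3des-cbc",
]

ERROR_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching (?P<what>key exchange method|cipher|MAC|host key type) "
    r"found\. Their offer: (?P<offer>\S+)"
)


def parse_error(line):
    """Return (host, port, ssh_config keyword, offered algorithms), or None
    if the line is not an OpenSSH 'Unable to negotiate' message."""
    m = ERROR_RE.search(line)
    if not m:
        return None
    return m["host"], int(m["port"]), KEYWORD_FOR[m["what"]], m["offer"].split(",")


def rank(alg):
    """Position in PREFERENCE; unknown algorithms sort after all known ones."""
    return PREFERENCE.index(alg) if alg in PREFERENCE else len(PREFERENCE)


def host_blocks(lines):
    """Group failures by device and emit one Host block per device. Each
    keyword gets only the algorithms that device offered, strongest first.
    The '+' prefix appends to the client's default list, so nothing modern
    is disabled for that host either."""
    per_host = OrderedDict()
    for line in lines:
        parsed = parse_error(line)
        if parsed is None:
            continue
        host, port, keyword, offer = parsed
        per_host.setdefault((host, port), OrderedDict())[keyword] = sorted(offer, key=rank)

    blocks = []
    for (host, port), settings in per_host.items():
        out = [f"Host {host}"]
        if port != 22:
            out.append(f"    Port {port}")
        for keyword, algs in settings.items():
            out.append(f"    {keyword} +{','.join(algs)}")
        blocks.append("\n".join(out))
    return blocks


if __name__ == "__main__":
    print("\n\n".join(host_blocks(SAMPLE_ERRORS)))
```

Paste the generated blocks into `~/.ssh/config` (or `/etc/ssh/ssh_config`) above any `Host *` block: ssh_config uses the first value obtained for each keyword, so a host-specific block only takes effect if it comes before the global one.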

Allowing a host to be an SSH relay

When using a Linux host as an SSH relay, we have to authorize it in the server configuration file /etc/ssh/sshd_config by changing the following line from no to yes:

AllowTcpForwarding yes

Last update: 3 October 2023