SSH
Some tips and tricks using SSH to access local and remote devices.
Configuration for “Old” ciphers
When trying to connect to “old” devices, like Cisco devices running old IOS, you can get messages like this one:
Unable to negotiate with 10.0.0.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
alpine-0:~$
You can modify your default SSH configuration by editing the /etc/ssh/ssh_config file and uncommenting the following lines to accept specific ciphers:
Host *
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
You can also add the following line to enable legacy key exchange algorithms:
#Legacy changes
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
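A narrower alternative to changing Host *, as an added example that is not part of the original page: this shell function reads the negotiation error shown above and prints an ssh_config stanza that enables only the algorithms the device offered, for that one host. The function name legacy_stanza and the sample line are constructed for illustration; the + prefix (OpenSSH 7.0 and later) appends to the client's default list instead of replacing it.

```shell
#!/bin/sh
# Added example: turn an OpenSSH "Unable to negotiate" error into a
# per-host ssh_config stanza, so legacy algorithms are not enabled globally.

# Constructed sample input: the error line shown earlier on this page.
SAMPLE='Unable to negotiate with 10.0.0.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1'

# legacy_stanza LINE
# Prints a "Host" block for LINE, or returns 1 if LINE is not a
# negotiation failure this function recognises.
legacy_stanza() {
    line=$1
    case $line in
        "Unable to negotiate with "*"Their offer: "*) ;;
        *) return 1 ;;
    esac

    # Host is the first word after the fixed prefix; the offer is
    # everything after "Their offer: ".
    rest=${line#"Unable to negotiate with "}
    host=${rest%% *}
    offer=${line##*"Their offer: "}

    # Map the failure type to the ssh_config option that controls it.
    case $line in
        *"no matching key exchange method found"*) opt=KexAlgorithms ;;
        *"no matching cipher found"*)              opt=Ciphers ;;
        *"no matching host key type found"*)       opt=HostKeyAlgorithms ;;
        *"no matching MAC found"*)                 opt=MACs ;;
        *) return 1 ;;
    esac

    # The offer comes from the remote side: accept only characters that
    # occur in algorithm names before writing it into a config file.
    case $host in ''|*[!A-Za-z0-9.:_-]*) return 1 ;; esac
    case $offer in ''|*[!A-Za-z0-9@.,_-]*) return 1 ;; esac

    # "+" keeps the modern defaults and adds the legacy algorithms after them.
    printf 'Host %s\n    %s +%s\n' "$host" "$opt" "$offer"
}

legacy_stanza "$SAMPLE"
```

The printed stanza can go in ~/.ssh/config or /etc/ssh/ssh_config above any Host * block, so connections to other hosts keep the default algorithm set.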
Allowing a host to be an SSH Relay
When using a Linux host as an SSH relay, we have to authorize it in the configuration file /etc/ssh/sshd_config by changing the following line from no to yes:
AllowTcpForwarding yes
Last updated: 3 October 2023