lts - diffie-hellman-group-exchange-sha256 not work with all software after upgrating to 16.04 - OpenSSH_7.2p2 - Ask Ubuntu



have upgraded 2 computer ubuntu 14.04lts 16.04lts , have problem openssh.

with software putty 0.64 , less example can't establiseh conexion diffie-hellman-group-exchange-sha256 or diffie-hellman-group-exchange-sha1.
first working diffie-hellman-group14-sha1.

before upgrade work well, , on other computer 14.04lts continu works putty 0.64 , less diffie-hellman-group-exchange-sha256.

it's strange because putty 0.65 , more continu work well.

think configuration still good, , same of working ubuntu 14.04.

is bug on openssh_7.2p2 ubuntu-4ubuntu2.1 ?

thanks lot

i have found when connecting various ssh servers (in case, ones run financial institutions), many diffie-hellman-group-exchange methods no work ubuntu 16, while worked fine ubuntu 14. has negotiating key size after accepting method. openssh in ubuntu 16 won't accept less 2048 bit key, while older openssh accepted shorter key in context. work around client exclude those. in /etc/ssh/ssh_config have:

hostkeyalgorithms +ssh-dss kexalgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org 

the first line, allowing dss, know less secure. connections needed, , don't control servers. second full list of supported key exchange methods (ssh -q kex) 2 problematic diffie-hellman-group-exchange-* methods left out. better practice list in reverse order, can take order-of-preference, , list have puts newer, stronger methods last. in case, leaving out ones won't work servers need connect with, or alternately specifying single, known-compatible on 1 command line, way around problem , have seen.


Comments

Popular posts from this blog

download - Firefox cannot save files (most of the time), how to solve? - Super User

windows - "-2146893807 NTE_NOT_FOUND" when repair certificate store - Super User