Fedora 33 enforces stricter security defaults, not only on the server side but also for outgoing client connections.
This includes more restrictive rules on accepted ciphers, Kex (key exchange) algorithms, etc.
Unfortunately, this means you can no longer connect to some older hosts, such as CentOS 5 machines or some switches, for example ones running JunOS 12.
If you start getting SSH errors similar to these:
=================
debug1: send_pubkey_test: no mutual signature algorithm
debug1: kex: algorithm: (no match)
Unable to negotiate with xx.xx.xx.xx port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
=================
What you can do is slightly relax the OpenSSH client requirements.
You can put the block below in your config. The leading '+' appends each algorithm to the client's default list instead of replacing it. This exact config applies to every host you connect to, so the legacy algorithms become acceptable everywhere; if you want them only for specific machines, replace the wildcard '*' with the names or IPs of those machines, separated by spaces.
In the file ~/.ssh/config, add or edit the following section:
=================
Host *
    KexAlgorithms +diffie-hellman-group1-sha1
    Ciphers +aes256-cbc
    PubkeyAcceptedKeyTypes +ssh-rsa
=================
This will probably fix a lot of issues for you.
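A narrower alternative to the wildcard block, as an added example that is not part of the original post: the script reads the "Their offer:" list from the key exchange error and prints a stanza for one host that enables only a single method from that offer. The host name `old-switch.example`, the address `192.0.2.10` and the preference order among the SHA-1 methods are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: build a per-host ~/.ssh/config stanza from an
# "Unable to negotiate" error, instead of relaxing settings for "Host *".

# Assumed preference order (most preferred first) among legacy Kex methods.
KEX_PREFERENCE="diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1"

# pick_kex OFFER: print the most preferred method found in the
# comma-separated server offer; return 1 if none of them is listed.
pick_kex() {
    local offer=",$1," kex
    for kex in $KEX_PREFERENCE; do
        case "$offer" in
            *",$kex,"*) printf '%s\n' "$kex"; return 0 ;;
        esac
    done
    return 1
}

# legacy_stanza HOST ERROR_LINE: print a Host block scoped to HOST only.
legacy_stanza() {
    local host="$1" line="$2" offer kex
    case "$line" in
        *"no matching key exchange method found. Their offer: "*) ;;
        *) echo "not a key exchange negotiation error" >&2; return 2 ;;
    esac
    offer=${line##*Their offer: }   # keep only the algorithm list
    offer=${offer%% *}              # drop anything after the list
    kex=$(pick_kex "$offer") || { echo "no known legacy Kex in offer" >&2; return 1; }
    printf 'Host %s\n    KexAlgorithms +%s\n' "$host" "$kex"
}

# Constructed sample: the error from the post, with a documentation address.
SAMPLE='Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

legacy_stanza old-switch.example "$SAMPLE"
```

For the offer shown in the error above, the output enables diffie-hellman-group14-sha1 for that one host, so diffie-hellman-group1-sha1 stays disabled. The stanza covers only the key exchange error; the Ciphers and PubkeyAcceptedKeyTypes lines can be added under the same Host entry if that machine needs them.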