Date: Sun, 30 Jan 2022 22:15:27 -0500 From: "Garance A Drosehn" <drosih@rpi.edu> To: "Gary Palmer" <gpalmer@freebsd.org> Cc: freebsd-stable@freebsd.org Subject: Re: [EXTERNAL] SSHD, diffie-hellman-group1-sha1 , and FreeBSD 13-stable Message-ID: <7F2A9DA2-45CD-4C56-B911-D36AEF10983E@rpi.edu> In-Reply-To: <YfdJcHkgLc561MHa@in-addr.com> References: <C755168A-A95D-47A2-9C9B-410FB9E56FDF@rpi.edu> <YfdJcHkgLc561MHa@in-addr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--=_MailMate_D6F8850A-4F23-42BA-81BF-1C4940881455_=
Content-Type: text/plain; format=flowed
On 30 Jan 2022, at 21:29, Gary Palmer wrote:
> On Sun, Jan 30, 2022 at 09:13:16PM -0500, Garance A Drosehn wrote:
>> In my older build of this server, I handled this need by adding
>> the line:
>> KexAlgorithms +diffie-hellman-group1-sha1
>> in /etc/ssh/sshd_config, and that worked fine.
>>
>> In the newer system that config line flags an error:
>>
>> -# /usr/sbin/sshd -f /etc/ssh/sshd_config4 -t
>> /etc/ssh/sshd_config4: line 156: Bad configuration option:
>> KexAlgorithm
>
> There is a 1 character difference between the option named above and
>
> <trim>
>
>> -# ssh -4e none -oKexAlgorithms=+diffie-hellman-group1-sha1 \
>> -oCiphers=aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
>> \
>> me@sad.ancient.server.rpi.edu
>
> the one used here. That is why one works and one doesn't
>
> Regards,
>
> Gary
UGH. Unbelievable! It even occurred to me I might have a typo while I
was writing my email, but I triple-checked only the
'diffie-hellman-group1-sha1' part, and not the 'KexAlgorithms' part.
I'm now going to bang my head on my desk for a few minutes. But this
will save me quite a bit of work, so Thanks Muchly!
--
Garance Alistair Drosehn = drosih@rpi.edu
Lead Developer @rpi and gad@FreeBSD.org
Rensselaer Polytechnic Institute; Troy, NY; USA
--=_MailMate_D6F8850A-4F23-42BA-81BF-1C4940881455_=
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html>
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/xhtml; charset=3Dutf-8"=
>
</head>
<body>
<div><div class=3D"plaintext"><p dir=3D"auto">On 30 Jan 2022, at 21:29, G=
ary Palmer wrote:</p>
<blockquote><p dir=3D"auto">On Sun, Jan 30, 2022 at 09:13:16PM -0500, Gar=
ance A Drosehn wrote:</p>
<blockquote><p dir=3D"auto">In my older build of this server, I handled t=
his need by adding<br>
the line:<br>
KexAlgorithms +diffie-hellman-group1-sha1<br>
in /etc/ssh/sshd_config, and that worked fine.<br>
<br>
In the newer system that config line flags an error:<br>
<br>
-# /usr/sbin/sshd -f /etc/ssh/sshd_config4 -t<br>
/etc/ssh/sshd_config4: line 156: Bad configuration option: KexAlgorith=
m</p>
</blockquote><p dir=3D"auto">There is a 1 character difference between th=
e option named above and<br>
<br>
<trim><br>
</p>
<blockquote><p dir=3D"auto"> -# ssh -4e none -oKexAlgorithms=3D+diffie-=
hellman-group1-sha1 \<br>
-oCiphers=3Daes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cb=
c \<br>
me@sad.ancient.server.rpi.edu</p>
</blockquote><p dir=3D"auto">the one used here. That is why one works an=
d one doesn't<br>
<br>
Regards,<br>
<br>
Gary</p>
</blockquote><p dir=3D"auto">UGH. Unbelievable! It even occurred to me =
I might have a typo while I was writing my email, but I triple-checked on=
ly the 'diffie-hellman-group1-sha1' part, and not the 'KexAlg=
orithms' part.</p>
<p dir=3D"auto">I'm now going to bang my head on my desk for a few mi=
nutes. But this will save me quite a bit of work, so Thanks Muchly!</p>
</div>
<!DOCTYPE html><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); font-famil=
y: sans-serif; font-style: normal; font-variant-caps: normal; font-weight=
: normal; letter-spacing: normal; orphans: auto; text-align: start; text-=
indent: 0px; text-transform: none; white-space: pre-wrap; widows: auto; w=
ord-spacing: 0px; -webkit-text-stroke-width: 0px;">-- =
</div><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); font-family: sans-s=
erif; font-style: normal; font-variant-caps: normal; font-weight: normal;=
letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0=
px; text-transform: none; white-space: pre-wrap; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px;">Garance Alistair Drosehn =
=3D drosih@rpi.edu
</div><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); font-family: sans-s=
erif; font-style: normal; font-variant-caps: normal; font-weight: normal;=
letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0=
px; text-transform: none; white-space: pre-wrap; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px;">Lead Developer @rpi =
and gad@FreeBSD.org
</div><div dir=3D"auto" style=3D"color: rgb(0, 0, 0); font-family: sans-s=
erif; font-style: normal; font-variant-caps: normal; font-weight: normal;=
letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0=
px; text-transform: none; white-space: pre-wrap; widows: auto; word-spaci=
ng: 0px; -webkit-text-stroke-width: 0px;">Rensselaer Polytechnic Institut=
e; Troy, NY; USA</div>
</div>
</body>
</html>
--=_MailMate_D6F8850A-4F23-42BA-81BF-1C4940881455_=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7F2A9DA2-45CD-4C56-B911-D36AEF10983E>