======Applications - SSH - Notes======

=====Connect to SuSe 8.2 from OpenSSH_9.1=====

SuSe 8.2 uses OpenSSH_3.5p1 which uses ciphers, Kex, and HostKey algorithms that are disabled by default in later versions of OpenSSH.

To connect anyway:

<code>
ssh -c aes128-cbc -o KexAlgorithms=diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 -o HostKeyAlgorithms=ssh-rsa,ssh-dss HOSTNAME
</code>


=====Connect to HP ProCurve 2810=====

An HP ProCurve 2810 (J9022A, software version N.11.76) uses an older version of (Open)SSH which uses ciphers, and Kex algorithms that are disabled by default in later versions of OpenSSH.

To connect anyway:
<code>
ssh -c 3des-cbc -o KexAlgorithms=diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 -o HostKeyAlgorithms=ssh-rsa manager@SWITCHNAME_OR_IP_ADDRESS
</code>


=====Connect to Cisco ASA 55xx from OpenSSH_9.1=====

<code>
ssh -o KexAlgorithms=diffie-hellman-group14-sha1 -o HostKeyAlgorithms=ssh-rsa user1@HOSTNAME
</code>

This depends on your ssh version still supporting:
  * diffie-hellman-group14-sha1 key exchange. Check with: <code>ssh -Q kex</code>
  * ssh-rsa hostkeys. Check with: <code>ssh -Q key</code>

Tested on:
  * Cisco ASA 5512-X running ASA version 9.6(4)17 (asa964-17-smp-k8.bin).
    * With the following settings:<code>
ssh stricthostkeycheck
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1

username user1 password BLABLABLABLA encrypted
aaa authentication ssh console LOCAL
</code>
    * And RSA keys generated with:<code>crypto key generate rsa modulus 4096</code>