Applications - SSH - Notes

SuSe 8.2 uses OpenSSH_3.5p1 which uses ciphers, Kex, and HostKey algorithms that are disabled by default in later versions of OpenSSH.

To connect anyway:

ssh -c aes128-cbc -o KexAlgorithms=diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 -o HostKeyAlgorithms=ssh-rsa,ssh-dss HOSTNAME

An HP ProCurve 2810 (J9022A, software version N.11.76) uses an older version of (Open)SSH which uses ciphers, and Kex algorithms that are disabled by default in later versions of OpenSSH.

To connect anyway:

ssh -c 3des-cbc -o KexAlgorithms=diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 -o HostKeyAlgorithms=ssh-rsa manager@SWITCHNAME_OR_IP_ADDRESS

ssh -o KexAlgorithms=diffie-hellman-group14-sha1 -o HostKeyAlgorithms=ssh-rsa user1@HOSTNAME

This depends on your ssh version still supporting:

• diffie-hellman-group14-sha1 key exchange. Check with:

  ssh -Q kex

• ssh-rsa hostkeys. Check with:

  ssh -Q key

Tested on:

• Cisco ASA 5512-X running ASA version 9.6(4)17 (asa964-17-smp-k8.bin).
  • With the following settings:

    ssh stricthostkeycheck
    ssh timeout 5
    ssh version 2
    ssh key-exchange group dh-group14-sha1
    
    username user1 password BLABLABLABLA encrypted
    aaa authentication ssh console LOCAL

  • And RSA keys generated with:

    crypto key generate rsa modulus 4096