ssh-keyscan of an sshd with legacy kex alg only

Klara Mall klara.mall at kit.edu
Fri May 20 00:49:28 AEST 2016


Hi,

with openssh client version 7.2 it's not possible to use ssh-keyscan
to scan ssh servers that support diffie-hellman-group1-sha1 only. It
is because for ssh-keyscan KEX_CLIENT_KEX is hard coded. ssh by
itself is working because you can specify additional kex algorithms
with -o which is not available for ssh-keyscan. Hence I think
ssh-keyscan should still support the old ciphers.

diffie-hellman-group1-sha1 was removed from KEX_CLIENT_KEX here:
https://github.com/openssh/openssh-portable/commit/bdfd29f60b74f3e678297269dc6247a5699583c1

Regards
Klara
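
Added example, not part of the original post and not OpenSSH code: a parser for the server's SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and the client-preference kex selection, showing why a fixed client list without diffie-hellman-group1-sha1 finds no match on such a server. The client list and the server payload are constructed for illustration and are not copied from KEX_CLIENT_KEX.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ("kex_algorithms", "server_host_key_algorithms", "encryption_c2s",
          "encryption_s2c", "mac_c2s", "mac_s2c", "compression_c2s",
          "compression_s2c", "languages_c2s", "languages_s2c")

def build_kexinit(lists):
    """Build a KEXINIT payload from ten name-lists (used for the sample input)."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # message type + zeroed cookie
    for names in lists:
        body = ",".join(names).encode("ascii")
        out += struct.pack(">I", len(body)) + body
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Return {field: [names]}; raise ValueError on malformed or truncated input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, result = 17, {}  # skip the type byte and the 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list body")
        text = payload[pos:pos + n].decode("ascii")
        result[field] = text.split(",") if text else []
        pos += n
    return result

def negotiate_kex(client_algs, server_algs):
    # First algorithm on the client's list that the server also offers.
    # The RFC's extra host-key compatibility conditions are omitted here.
    return next((a for a in client_algs if a in server_algs), None)

# Constructed inputs: an illustrative fixed client list without group1
# (an assumption, not OpenSSH's actual list) and a legacy-only server.
CLIENT_FIXED = ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
                "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1"]
LEGACY_SERVER = build_kexinit([["diffie-hellman-group1-sha1"], ["ssh-rsa"],
                               ["aes128-cbc"], ["aes128-cbc"], ["hmac-sha1"],
                               ["hmac-sha1"], ["none"], ["none"], [], []])

if __name__ == "__main__":
    offered = parse_kexinit(LEGACY_SERVER)["kex_algorithms"]
    print("server offers:", offered)
    print("fixed client list ->", negotiate_kex(CLIENT_FIXED, offered))
```

Run over KEXINIT payloads collected from an inventory of hosts, the same selection step identifies servers that offer only legacy kex algorithms and will therefore fail a scan with a fixed client list.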


