ssh-keyscan of an sshd with legacy kex alg only

Klara Mall klara.mall at
Fri May 20 00:49:28 AEST 2016


With OpenSSH client version 7.2 it's not possible to use ssh-keyscan
to scan ssh servers that support diffie-hellman-group1-sha1 only. This
is because for ssh-keyscan KEX_CLIENT_KEX is hard-coded. ssh by
itself is working because you can specify additional kex algorithms
with -o, which is not available for ssh-keyscan. Hence I think
ssh-keyscan should still support the old ciphers.

diffie-hellman-group1-sha1 was removed from KEX_CLIENT_KEX here:


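The negotiation failure described in the post above, as an added example that is not part of the original message and is not OpenSSH code: it parses the name-lists of an SSH_MSG_KEXINIT payload (RFC 4253) and applies the "first client algorithm the server also offers" rule in simplified form. `CLIENT_KEX` is an assumed, illustrative client proposal without group1, not the actual KEX_CLIENT_KEX definition, and the server payload is constructed sample data.

```python
import struct

SSH_MSG_KEXINIT = 20
# Assumption: illustrative client proposal that omits diffie-hellman-group1-sha1.
CLIENT_KEX = ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
              "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1"]

def _name_list(names):
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit(kex_algs, hostkey_algs=("ssh-rsa",)):
    """Constructed sample: the KEXINIT payload a server would send."""
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)   # message type + 16-byte cookie
    payload += _name_list(kex_algs) + _name_list(hostkey_algs)
    payload += _name_list([]) * 8                    # enc/mac/comp/lang lists, left empty here
    return payload + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows + reserved

def parse_kexinit(payload):
    """Return the kex and host key name-lists from a KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    offset, lists = 17, []
    for _ in range(10):                              # KEXINIT carries ten name-lists
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[offset:offset + length].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        offset += length
    return {"kex": lists[0], "hostkey": lists[1]}

def negotiate_kex(client_algs, server_algs):
    """Simplified RFC 4253 rule: first client algorithm the server also lists."""
    for alg in client_algs:
        if alg in server_algs:
            return alg
    return None                                      # no overlap: key exchange cannot start

if __name__ == "__main__":
    server = parse_kexinit(build_kexinit(["diffie-hellman-group1-sha1"]))
    print("hard-coded list :", negotiate_kex(CLIENT_KEX, server["kex"]))
    print("with group1 added:", negotiate_kex(
        CLIENT_KEX + ["diffie-hellman-group1-sha1"], server["kex"]))
```

With no common algorithm the scan ends before any host key is sent, which is why appending the algorithm on the client side (as `ssh -o` allows) changes the outcome.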