Bert's notes » APC https://a20.net/bert Mon, 02 Nov 2020 10:47:22 +0000 en-US hourly 1 http://wordpress.org/?v=3.8.5 Log in to older APC PDUs with a modern OpenSSH https://a20.net/bert/2017/08/19/log-in-to-older-apc-pdus-with-a-modern-openssh/ https://a20.net/bert/2017/08/19/log-in-to-older-apc-pdus-with-a-modern-openssh/#comments Sat, 19 Aug 2017 21:55:47 +0000 https://a20.net/bert/?p=87 If you find yourself needing to SSH into an older APC PDU such as the AP7921 (or basically any appliance without up to date SSH service) and you use a modern OpenSSH, you may see

Unable to negotiate with target-host port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

or

Unable to negotiate with target-host port 22: no matching cipher found. Their offer: blowfish-cbc

Since version 7, OpenSSH has disabled these by default because of known weaknesses, seeĀ www.openssh.com/txt/release-7.0. To talk to these obsolete SSH services, speak the following Ancient Options under a full moon:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oCiphers=+blowfish-cbc my-user@target-host

.. and the doors to Moria may open.

Edit feb-2019: Recent Ubuntu versions have dropped support for legacy ciphers. You might see this error:

command-line line 0: Bad SSH2 cipher spec '+blowfish-cbc'.

In that case it may be best to install package “openssh-client-ssh1″ and use the “ssh1″ binary instead.

]]> https://a20.net/bert/2017/08/19/log-in-to-older-apc-pdus-with-a-modern-openssh/feed/ 0