OpenWRT Dropbear v2020.80: Exit before auth: No matching algo kex
Jamie Lokier
jamie at shareable.org
Fri Oct 23 22:56:22 AWST 2020
Walter Harms wrote:
> This is caused by changes in ssh_config. You can try:
> ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 USER at TARGET
>
> or persistent in ssh_config
> KexAlgorithms=+diffie-hellman-group1-sha1
>
> your mileage may vary etc.
>
> re,
> wh
Thanks!
This advice has shown me how to connect directly to an old OpenSSH server again
(not Dropbear), instead of via intermediate hops on intermediate servers :)
However after reading [1] I decided a safer kex is diffie-hellman-group14-sha1
(group14 instead of group1).
Mentioning this in case it's also an option for old Dropbear/OpenWRT users.
[1] https://tools.ietf.org/id/draft-ietf-curdle-ssh-kex-sha2-09.html#rfc.section.3.4
"Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)".
Best,
-- Jamie
More information about the Dropbear
mailing list