Connecting to a legacy ssh server

[ Classic Linux and DirectAdmin. ]

Some encryption algorithms are now considered weak and breakable. New machines running newer versions of ssh and scp will generally disallow these older algorithms.

So if you are logged into the Linux shell on a newer machine such as aqua-new.rahul.net and try to ssh to, or scp to or from, some other machine that is very old, the connection may abort with an error message. The error message will typically contain a phrase similar to “no matching key exchange method”.

You can ask scp or ssh on the new machine to downgrade its security to allow connecting to an old server. To achieve this, create a file called ~/.ssh/config (by which we mean a file called config inside a directory called .ssh inside your home directory) and put into it entries like the ones shown below, one for each remote machine to which you want to make a downgraded, less secure connection.

Both ssh and scp will consult this file and will then make a less secure connection to each listed machine.

Please use copy-and-paste from below to prevent typographical errors.

# This file is: ~/.ssh/config

# downgraded less secure connection to machine xxx.example.com 
Host xxx.example.com
  Hostname xxx.example.com
  KexAlgorithms +diffie-hellman-group1-sha1
  HostKeyAlgorithms +ssh-dss
  Ciphers +aes128-cbc
  
# downgraded less secure connection to machine yyy.example.com 
Host yyy.example.com
  Hostname yyy.example.com
  KexAlgorithms +diffie-hellman-group1-sha1
  HostKeyAlgorithms +ssh-dss
  Ciphers +aes128-cbc
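
To confirm that the downgrade stays limited to the listed machines, the following added example (not part of the original page) scans an ssh client config for the three algorithms used above and flags any that are enabled under a wildcard, a Match block, or before the first Host line. The names audit_ssh_config and sample_config and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. WEAK = algorithms this page re-enables.
WEAK="diffie-hellman-group1-sha1 ssh-dss aes128-cbc"

# audit_ssh_config [FILE...]   (reads stdin when no file is given)
# Prints one finding per line: SCOPE<TAB>host pattern<TAB>keyword<TAB>algorithm
# SCOPE is "host" for named hosts, "BROAD" for wildcard patterns, Match
# blocks, or directives placed before the first Host line.
audit_ssh_config() {
  awk -v weak="$WEAK" '
    BEGIN { n = split(weak, w, " "); host = "(global)"; scope = "BROAD" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    {
      sub(/^[ \t]+/, "")
      # ssh_config accepts "Keyword value" and "Keyword=value"
      if ($1 ~ /=/ || $2 ~ /^=/) sub(/[ \t]*=[ \t]*/, " ")
      key = tolower($1)                      # keywords are case-insensitive
    }
    key == "host" {
      host = $0; sub(/^[^ \t]+[ \t]+/, "", host)
      scope = (host ~ /[*?]/) ? "BROAD" : "host"
      next
    }
    key == "match" { host = $0; scope = "BROAD"; next }
    key == "kexalgorithms" || key == "hostkeyalgorithms" || key == "ciphers" {
      list = $2
      if (substr(list, 1, 1) == "-") next    # "-" removes algorithms: no downgrade
      sub(/^[+^]/, "", list)                 # "+" appends, "^" prepends
      m = split(list, a, ",")
      for (i = 1; i <= m; i++)
        for (j = 1; j <= n; j++)
          if (a[i] == w[j]) printf "%s\t%s\t%s\t%s\n", scope, host, $1, a[i]
    }
  ' "$@"
}

# Constructed sample input (not a real config).
sample_config() {
  cat <<'EOF'
Host *
  Ciphers +aes128-cbc
Host xxx.example.com
  KexAlgorithms +diffie-hellman-group1-sha1
  HostKeyAlgorithms=+ssh-dss
Host new.example.com
  Ciphers -aes128-cbc
EOF
}
sample_config | audit_ssh_config
```

Run it against your own file with `audit_ssh_config ~/.ssh/config`; a line starting with BROAD means the weaker algorithm is offered to more machines than the one legacy server it was meant for.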
hints/connecting_to_a_legacy_ssh_server.txt · Last modified: 2021/02/07 06:09 by admin