Web lists-archives.com

buster ssh problem




buster, seems to be all hosts can't talk to Cisco router

I'd like to get into my Cisco 1841 (IOS 12.4) router with ssh like I
have for a decade or so. But buster's ssh says there's no useful
encryption algorithm -- says the offer is diffie-hellman-group1-sha1.
So I looked around a bit, and the openssh website says that's a
insecure algorithm, but I can enable it if I want to by putting some
text in ~/.ssh.config. Except there is no ~/.ssh.config. I created one
and put what I think is the recommended text in it, but no joy.

I put 'KexAlgorithms +diffie-hellman-group1-sha1' in
/etc/ssh/ssh_config, and ssh still says it can't find a good
algorithm, and gives me another list of possibilities. I assume that
list is coming from the router, and I have no idea what 'Kex' means

Anybody know what's going on? And how to fix it? Should I just give up
on ssh and use telnet? (The router's in the next room on the other
side of an Ethernet switch, so there's not much chance of crackers.
But a civilized admin much prefers ssh over telnet.)

--
Glenn English