Web lists-archives.com

Re: ssh trouble

Glenn English wrote:
4 boxes on the same network; an RPi3 running Raspian Stretch, a laptop
and a desktop running Buster, and a Cisco router running IOS 12.4
(note upper case 'I' :-).

I have an expect script to get into the router. It's the same on all the hosts.

The problem is that the RPi and the desktop get

"Unable to negotiate with port 22: no matching key
exchange method found. Their offer: diffie-hellman-group1-sha1"

from the router -- diffie-hellman-group1-sha1 is listed as one of the
encryption types available from my SSH programs.

And from expect:

send: spawn id exp4 not open
     while executing
"send "<passwd>\r""
     (file "./lir.sh" line 14)

On the laptop it works fine -- that says to me that there's nothing
wrong with the router. It worked on the others a couple days ago.

I've tried to get into the router by entering commands by hand, and I
get the same response.

I purged everything that looked like it had anything to do with ssh
(except some that were major dependencies for other things) from the
desktop and reinstalled and configured the packages. Also removed the
.debs from apt/archives. Exactly the same response.

And I SSH around between the hosts with no trouble. That says there's
nothing wrong with SSH. But something is, somewhere.

Anybody run into anything like this before?
Newer versions of ssh deprecate diffie-hellman-group1-sha1
Putting KexAlgorithms +diffie-hellman-group1-sha1 in config for the host works for me. There is also a way to do it on the ssh command line.