On 11/3/19 5:23 pm, Philip Webb wrote: > 190311 Neil Bothwick + Mick wrote: > NB> Try without the +, that works for me here. I have an appliance >> that uses outdated algorithms and this config works for me >> Host 1.2.3.4 >> Ciphers 3des-cbc >> KexAlgorithms diffie-hellman-group1-sha1 >> HostKeyAlgorithms ssh-dss > I tried adding the 2 extra lines to ~/.ssh/config , but no joy. > I didn't reboot, but it's not clear that that would make any difference. > > M> As I understand it the "+" merely adds one more cipher to the collection. >> This is probably safer. If the server has been updated >> and non-legacy key exchange algorithms are now available they can be used. >> Without "+" the directive for the client is exclusive : >> only use this algorithm and nothing else. > That's what the 'man' says. > > NB> That's how I read it, but it says it appends to the list, >> so this is the last option tried, >> while an earlier one could possibly be triggering the failure. >> With + would be better, but it would be worth trying without. > I tried both & neither gets Ssh to recognise the config. > > This is a puzzle : are they any other suggestions ? > This works for me (ancient Cisco ...)
rattus ~ # cat ~/.ssh/config Host 192.168.44.1 KexAlgorithms +diffie-hellman-group1-sha1 Host ghost KexAlgorithms +diffie-hellman-group1-sha1 Which file are putting it in? - this is the client side user.