Hi, everybody, as a bullseye user I am seeing messages like | Unable to negotiate with 10.0.17.52 port 22: no matching | key exchange method found. Their offer: diffie-hellman-group1-sha1
with increasing frequency, especially when trying to ssh into proprietary, obsolete stuff. Above comes from a Cisco 7941 IP phone I toy around with at home, with no expectation of security whatsoever, I might as well use telnet. Some algorithms can be activated by using e.g. -oKexAlgorithms=+diffie-hellman-group1-sha1 but I suppose it is only a question of time before some of this really old and insecure stuff is compiled out or removed from sources. It is also a bit difficult to find working combinations of keyexchange algorithms and ciphers for unknown older servers (a lot of trial and error?). What is the suggested way to work around that problem? Download ssh sources from 15 years ago, and build a "ssh-insecure" binary? What I do not want to do is change my "normal" configuration, e.g. add these algorithms to my normal .ssh/config. I suppose I am not the only one or first to have this problem, is there an elegant solution, that does not compromise security in the dominating normal case (ssh into modern servers)? Thanks in advance, Ralph