Hello:
On Monday, December 6, 2021 at 12:27:20 PM UTC-3, Tavis Ormandy wrote:
> You're missing the leading 3, it's 3des (triple des).
Quite so ... 8^/
Sorry about that.
Edited and fixed:
[code]
# Ciphers and keying
Ciphers +3des-cbc
[/code]
> ... will also need MACs +hmac-sha1 ...
Right, edited and added:
[code]
# Ciphers and keying
Ciphers +3des-cbc
MACs +hmac-sha1
[/code]
Whereas before I would get "no matching cipher found", now I can ssh from my host to the destination VM using 3des-cbc:
[code]
:~$ ssh -c 3des-cbc us...@192.168.1.4
us...@192.168.1.4's password:
Linux dev-pihole 4.9.0-16-amd64 x86_64 GNU/Linux
--- snip ---
No mail.
Last login: Mon Dec 6 13:39:36 2021 from 192.168.1.2
:~$
[/code]
But no cigar.
Then I found this tidbit:
[url]https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0[/url]
[quote]
After reading this and this I came up with the changes I needed to do to the /etc/ssh/sshd_config file:
#Legacy changes
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +aes128-cbc
[/quote]
My guess (?) is that what I added above under "# Ciphers and keying" could be added to "#Legacy changes" instead.
I edited the sshd_config file and tested "+diffie-hellman-group1-sha1" from my host machine:
[code]
~$ ssh -o KexAlgorithms=diffie-hellman-group1-sha1 us...@192.168.1.4
us...@192.168.1.4's password:
Linux dev-pihole 4.9.0-16-amd64 x86_64 GNU/Linux
--- snip ---
No mail.
Last login: Mon Dec 6 16:10:41 2021 from 192.168.1.2
user@dev-pihole:~$
[/code]
It worked so next was to test it with the Palm T|X:
It worked. 8^D!
[code]
Starting SSHv2 session
Sending version...
Negotiating algorithms... (3des-cbc hmac-sha1)
Generating key...
Exchanging keys...
Calculating shared secret...
Logging in to host '192.168.1.4'
Authenticating (none) ... failed
Authenticating (publickey) ... failed
Authenticating (password) ... succeeded
Opening channel...
connection (state 12): refused global request 'hostk...@openssh.com'
Opening pty...
Starting shell...
Connected to host '192.168.1.4'.
Linux dev-pihole 4.9.0-16-amd64 x86_64 GNU/Linux
--- snip ---
Last login: Mon Dec 6 16:23:36 2021 from 192.168.1.5
user@dev-pihole:~$
[/code]
One more question if I may:
Looking at the login printout I get on the Palm T|X's screen, is there anything I should change/fix?
i.e., because of "... failed" and "refused global request"
Thank you very much for helping me with this.
Much obliged.
Best,
JHM
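An added example, not part of the post above: a shell check that reads effective server settings in the format printed by `sshd -T` and reports which of the legacy algorithms named in this thread are enabled. The function names `audit_legacy` and `sample_config` are hypothetical and the sample settings are constructed; entries are matched exactly, so `diffie-hellman-group14-sha1` or `hmac-sha1-etm@openssh.com` is not mistaken for its weaker namesake.

```shell
#!/bin/sh
# Added example (not from the thread). Input on stdin: lines shaped like
# `sshd -T` output, i.e. a lowercase keyword followed by a comma-separated list.

# Algorithms named in this thread, as "keyword:algorithm" pairs.
LEGACY="ciphers:3des-cbc ciphers:aes128-cbc macs:hmac-sha1 kexalgorithms:diffie-hellman-group1-sha1"

# audit_legacy (hypothetical name): print one "keyword algorithm" line for
# each legacy algorithm that is present in the effective configuration.
audit_legacy() {
    cfg=$(cat)
    for pair in $LEGACY; do
        key=${pair%%:*}
        alg=${pair#*:}
        # Split the keyword's value on commas and compare whole entries only,
        # so near-miss names are never reported.
        printf '%s\n' "$cfg" |
            awk -v k="$key" -v a="$alg" '
                tolower($1) == k {
                    n = split($2, list, ",")
                    for (i = 1; i <= n; i++)
                        if (list[i] == a) { print k, a; exit }
                }'
    done
}

# Constructed sample: what the effective settings could look like after the
# edits described in the post. Not captured from a real host.
sample_config() {
    cat <<'EOF'
port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,3des-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
EOF
}

# On a live server (typically as root): sshd -T | audit_legacy
sample_config | audit_legacy
```

An empty result means none of the listed algorithms is offered by the server.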