![]() ![]() To resolve the problem, continue to use OpenSSH 6.x on AIX or upgrade the software on the other side to a level that supports moduli of at least 2048 bits. The following error means that the other side does not support Diffie-Hellman keys based on moduli of at least 2048 bits. Ciphers re-enable root logins with a password, change the PermitRootLogin option in /etc/ssh/sshd_config to yes. ![]() To enable the same ciphers as in OpenSSH 6.x (plus the new ciphers available in OpenSSH 7.x), add the following line to /etc/ssh/sshd_config and ssh_config. KexAlgorithms +diffie-hellman-group1-sha1 HostKeyAlgorithms re-enable the old Diffie-Hellman KEX (key exchange) algorithm, add the following line to /etc/ssh/sshd_config and /etc/ssh/ssh_config. In this case, set HostKeyAlgorithms in /etc/ssh/ssh_config on the client to the full list of host key types with ssh-dss at the beginning. Note: Because these settings add ssh-dss to the end of the respective options, this change might not resolve the problem on the ssh client side if there are multiple key types in users' known_hosts file for the server. To re-enable DSA keys, add the following lines to /etc/ssh/sshd_config on the server side and just the line PubkeyAcceptedKeyTypes to /etc/ssh/ssh_config on the client side.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |