They have done unhappy things with ssh. I work with many embedded systems that have older ssh servers that are for all practical purposes impossible to change.
Some imbecile decided to make the world a better place by dropping support for these old (and admittedly less secure) key exchange schemes.
Excuse me while I go on a short rant. I use ssh routinely. The new scheme works just fine with other servers that I am able to keep up to date. It makes sense for ssh to default to the most secure protocols in these cases. But dropping support for older protocols is foolish, makes my life difficult, and is simply annoying -- not to mention stupid, if perhaps well intentioned.
I used to simply get this error:
ssh focus2 Unable to negotiate with 192.168.0.132 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1The fix for this is to put these lines into my .ssh/config file:
Host focus2 KexAlgorithms +diffie-hellman-group1-sha1 HostKeyAlgorithms=+ssh-rsa PubkeyAcceptedAlgorithms=+ssh-rsaThis used to work, but now I am seeing this:
ssh root@focus2 ssh_dispatch_run_fatal: Connection to 192.168.0.132 port 22: error in libcrypto
What can I do? One suggestion is this:
su update-crypto-policies --set LEGACY Setting system policy to LEGACY Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place.Then after the change to LEGACY and a 10 minute wait or so, it works!! At least I can use ssh and access the system.
When I try to copy a file, I get this. You might think it is an issue on the target system, but keep reading.
scp root@focus2:/nand.img . sh: /usr/lib/openssh/sftp-server: not foundThis is an issue with the OpenSSH client. Since OpenSSH 9.0, the client uses SFTP protocol by default. To use the legacy protocol, the -O option must be specified.
And indeed, when I do the following, it works!
scp -O root@focus2:/nand.img .So, my problems are fixed for the present, but I expect more mischief from these folks who seem to have a "nanny" attitude.
It seems that ssh is going downhill as far as friendliness, kindness, and usability.
It is touchy non-robust software.
Adventures in Computing / [email protected]