no common algorithm for key exchange

[yylime]

When i used the sshwifty to connect some device by ssh, i found that the sshwifty does not support diffie-hellman-group1-sha1 .
What should i do to fix this problem?

the error message as follows:
 ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: [curve25519-sha256 [email protected] ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1 ext-info-c [email protected]], server offered: [diffie-hellman-group1-sha1]

[nirui]

Hi,

Sshwifty only support the Key Exchange (KEX) Algorithms offered by upstream library golang.org/x/crypto/ssh, but sadly, the library does not support diffie-hellman-group1-sha1, thus the warning and failure.

The best option I think is to upgrade the SSH server to allow safer algorithms (listed in the error message too), since diffie-hellman-group1-sha1 is considered "weak and within theoretical range of the so-called Logjam attack" according to the Legacy Options page on openssh.com.

But of course, modifying server options require appropriate permissions on the server. If you do have the permissions and it's an OpenSSH server, you can specify other Kex Algorithms with the KexAlgorithms option. Give the manual for sshd_config a look, the "KexAlgorithms" section specifically.

If you don't have the permission however, then better call the admin to do the upgrade for you :)

Sorry for the inconvenience.

[yylime]

thanks a lot~