OpenSSH 7.1 and Mikrotik

Crappy SSH implementations (like Mikrotik) support only old and broken ciphers that are now blocked by default in openssh client. This has been fixed in recent versions of Mikrotik firmware.

Add this to your .ssh/config.

Host foo.bar.sk
    PubkeyAcceptedKeyTypes ssh-rsa,ssh-dss*
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms=+ssh-dss

DH params too short

Edit DH_GRP_MIN in dh.h. I have not found any runtime config option for this.

 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki