OpenSSH 7.1 and Mikrotik

Crappy SSH implementations (like Mikrotik) support only old and broken ciphers that are now blocked by default in openssh client.

Add this to your .ssh/config.

Host foo.bar.sk
    PubkeyAcceptedKeyTypes ssh-rsa,ssh-dss*
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms=+ssh-dss

DH params too short

Edit DH_GRP_MIN in dh.h. I have not found any runtime config option for this.

 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki