User Tools

Site Tools


ssh-dss

OpenSSH 7.1 and Mikrotik

Crappy SSH implementations (like Mikrotik) support only old and broken ciphers that are now blocked by default in openssh client. This has been fixed in recent versions of Mikrotik firmware.

Add this to your .ssh/config.

Host foo.bar.sk
    PubkeyAcceptedKeyTypes ssh-rsa,ssh-dss*
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms=+ssh-dss

DH params too short

Edit DH_GRP_MIN in dh.h. I have not found any runtime config option for this.

ssh-dss.txt · Last modified: 2017-07-27 05:21:46 (external edit)