User Tools

Site Tools


OpenSSH 7.1 and Mikrotik

Crappy SSH implementations (like Mikrotik) support only old and broken ciphers that are now blocked by default in openssh client. This has been fixed in recent versions of Mikrotik firmware.

Add this to your .ssh/config.

    PubkeyAcceptedKeyTypes ssh-rsa,ssh-dss*
    KexAlgorithms +diffie-hellman-group1-sha1

DH params too short

Edit DH_GRP_MIN in dh.h. I have not found any runtime config option for this.

ssh-dss.txt · Last modified: 2017-07-27 05:21:46 (external edit)