This shows you the differences between two versions of the page.
— |
ssh-dss [2017-07-27 05:21:46] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== OpenSSH 7.1 and Mikrotik ====== | ||
+ | |||
+ | Crappy SSH implementations (like Mikrotik) support only old and broken ciphers that are now blocked by default in openssh client. This has been fixed in recent versions of Mikrotik firmware. | ||
+ | |||
+ | Add this to your .ssh/config. | ||
+ | |||
+ | <code> | ||
+ | Host foo.bar.sk | ||
+ | PubkeyAcceptedKeyTypes ssh-rsa,ssh-dss* | ||
+ | KexAlgorithms +diffie-hellman-group1-sha1 | ||
+ | HostKeyAlgorithms=+ssh-dss | ||
+ | </code> | ||
+ | |||
+ | ===== DH params too short ===== | ||
+ | |||
+ | Edit DH_GRP_MIN in dh.h. I have not found any runtime config option for this. | ||