OpenSSH and login to Tru64 or OpenVMS systems

Owned by Bruno Miretti (Deactivated)
Last updated: Dec 13, 2018Version comment
1 min read

Problem

Starting with OpenSSH version 7.0, ciphers, hashes and key-exchange algorithms are disabled by default. This means that for newer versions of OpenSSH making a connection to Tru64 or OpenVMS systems can be a problem.

Solution

Verify your OpenSSH version using the "ssh -V" command.

Example:

# ssh -V

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

.

In order to connect to a Tru64 or OpenVMS system using OpenSSH V7.0 and above, please add the following lines to your ~/.ssh/config file (on the Linux server):

Host <tru64-system-nickname

  Hostname <tru64-system-real-name>

  KexAlgorithms +diffie-hellman-group1-sha1

  HostKeyAlgorithms +ssh-dss

  Ciphers +3des-cbc

(lightbulb) On Windows, the config file has to be located in the user's folder under .ssh, usually: C:\Users\<user>\.ssh

Example:

# cat /root/.ssh/config

Host pluto5

  Hostname pluto5

  KexAlgorithms +diffie-hellman-group1-sha1

  HostKeyAlgorithms +ssh-dss

  Ciphers +3des-cbc

Or use the following command line to connect to the Tru64 system:

# ssh -o 'KexAlgorithms=+diffie-hellman-group1-sha1' -o 'HostKeyAlgorithms=+ssh-dss' -o 'Ciphers=+3des-cbc' <user>@<tru64-system-real-name>

(info) The plus-sign ("+") tells ssh to enable the feature.

Links

More information at https://www.openssh.com/legacy.html

Related article


<Go to Top>


© Stromasys, 1999-2024  - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.