[OmniOS-discuss] common-factor key exchange

Sun Nov 30 02:55:57 UTC 2014

On Fri, Nov 28, 2014 at 07:17:03PM +1000, Michael Mounteney wrote:
> After a recent upgrade to my Gentoo Linux installations, I can no
> longer ssh into them from OmniOS:
> 
> -bash-4.3$ ssh 192.168.1.48
> no common kex alg: client
> 'diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1', server
> 'curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1'

What is your sshd_config on the gentoo side? I have no problems
connecting from an r151012 omnios client to a gentoo 6.6_p1-r1 server.
Unless you've modified the ssh server config, out of the box a gentoo
ssh server should be willing to accept diffie-hellman-group1-sha1. Per
the sshd_config manpage under Gentoo:

     KexAlgorithms
             Specifies the available KEX (Key Exchange) algorithms.  Multiple
             algorithms must be comma-separated.  The default is

                   curve25519-sha256 at libssh.org,
                   ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                   diffie-hellman-group-exchange-sha256,
                   diffie-hellman-group-exchange-sha1,
                   diffie-hellman-group14-sha1,
                   diffie-hellman-group1-sha1

Given your server is not offering diffie-hellman-group1-sha1, my guess is
there must be an explicit KexAlgorithms configuration in place removing
it...