Nasty SSH behaviour on LTS server upgrade
Karl Auer
kauer at biplane.com.au
Fri Aug 12 23:22:42 UTC 2016
On Fri, 2016-08-12 at 21:27 +0100, Nikhil Nair wrote:
> 14.04.* LTS Ubuntu servers, but as soon as the upgrade to 16.04.1 LTS
> was completed and the machine was rebooted, the SSH client could no
> longer connect. The message was as follows:
As Nils wrote, some weaker ciphers are no longer supported by default.
You can add them back in via directives in /etc/ssh/ssh_config; google
around for the answers. I had success with these two lines added either
for a specific host or globally:
HostkeyAlgorithms +ssh-dss
KexAlgorithms diffie-hellman-group14-sha1
In my case, I could no longer contact some MikroTik routers that were a
few releases behind and did not support RSA.
Alternatives to allowing the weaker ciphers would be:
- upgrade the older systems
- upgrade just ssh on those systems
- downgrade your system
- downgrade just your ssh client
- install an older ssh client alongside the new one
- run a virtual with (say) 15.04 and use it as needed
I found the last one ended up being the fastest way to regain access
until I had upgraded the MikroTiks.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
More information about the ubuntu-users
mailing list