Question
Having problem with remote login on Ubuntu after being updated to 15.04
- Posted August 7, 2015
- SecurityLinux Basics
I updated my server from 14.1 to 15.04 and I having issues logging in with one of my IDE’s. I kept getting this errror,
establishing sftp connection failed no suitable key exchange algorithm could be agreed
I found this page with a solution https://nikinuryadin.wordpress.com/2015/05/19/aptana-studio-3-sftp-key-exchange/
It says to add this line to my /etc/ssh/sshd_config file
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
KexAlgorithms=curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
My question is, will this weaken my security or cause any major security risks by adding these ciphers?
Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sign in to AnswerThese answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
A number of those ciphers have been deemed as legacy by the OpenSSH team and are no longer supported by default. While for some attacks are still just theoretical, it’s still encouraged to regenerate your keys to use stronger a cipher.
diffie-hellman-group1-sha1in particular was commonly used. You can read more about its weaknesses here:You can regenerate the server’s host keys using: