I have created an Ubuntu droplet (via Laravel Forge if that matters) and am trying to remote connect to MySql using Navicat. I have installed my SSH key and am able to connect via SSH. I am also able to log into MySql on the server once I am logged in.
However when I try to remote-connect to MySql using SSH tunnel, the response I get from Navicat is
80070007: SSH Tunnel: Server does not support diffie-hellman-group1-sha1 for keyexchange
Is there anything I am missing?
Ok, here is the solution:
sudo nano /etc/ssh/sshd_config
Append these lines to ensure the correct digest:
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
Regenerate all keys:
ssh-keygen -A
and then restart ssh service:
sudo service ssh restart
After these steps you would need to update your local known_hosts file, as the SSH key has changed. Say, your Digital Ocean droplet IP is 255.255.222.211.
Locate it in ~/.ssh/known_hosts and remove the line that begins with this 255.255.222.111.
In a new shell window, test that you can connect to your instance!
Next time you log in you will be asked to add the host to known hosts again.
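An added example (not part of the answer above): a shell function that reads sshd_config-style text and lists which algorithms enabled by KexAlgorithms and Ciphers lines, such as the two above, are SHA-1 key exchanges or CBC-mode ciphers. The function names, the constructed sample input and the sha1 / -cbc reporting rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Reporting rule (assumption of this example): key exchanges whose name ends
# in "sha1" and ciphers whose name ends in "-cbc" are listed.

# audit_sshd_algos [file]: reads sshd_config-style text from the file or stdin
# and prints one "Keyword algorithm" line per match.
audit_sshd_algos() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        tolower($1) == "match" { exit }      # only the global section is read
        {
            key = tolower($1)
            if (key != "kexalgorithms" && key != "ciphers") next
            if (seen[key]++) next            # sshd keeps the first value of a keyword
            list = $2
            if (list ~ /^-/) next            # "-" prefix removes algorithms
            sub(/^[+^]/, "", list)           # "+" and "^" prefixes add to the defaults
            n = split(list, alg, ",")
            for (i = 1; i <= n; i++) {
                if (key == "kexalgorithms" && alg[i] ~ /sha1$/)
                    print "KexAlgorithms " alg[i]
                if (key == "ciphers" && alg[i] ~ /-cbc$/)
                    print "Ciphers " alg[i]
            }
        }
    ' "$@"
}

# Constructed sample input: the two lines appended in the answer above.
sample_config() {
cat <<'EOF'
# constructed sample
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
EOF
}

sample_config | audit_sshd_algos
```

On the server, `sudo sshd -T | audit_sshd_algos` runs the same check against the configuration sshd actually resolves, which also shows whether an earlier KexAlgorithms or Ciphers line overrides appended ones.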
Hi,
ssh-keygen -A command gives below error…
ssh-keygen: illegal option -- A
usage: ssh-keygen [options]
Options:
  -a trials   Number of trials for screening DH-GEX moduli.
  -B          Show bubblebabble digest of key file.
  -b bits     Number of bits in the key to create.
  -C comment  Provide new comment.
  -c          Change comment in private and public key files.
  -D pkcs11   Download public key from pkcs11 token.
  -e          Convert OpenSSH to RFC 4716 key file.
  -F hostname Find hostname in known hosts file.
  -f filename Filename of the key file.
  -G file     Generate candidates for DH-GEX moduli.
  -g          Use generic DNS resource record format.
  -H          Hash names in known_hosts file.
  -h          Generate host certificate instead of a user certificate.
  -I key_id   Key identifier to include in certificate.
  -i          Convert RFC 4716 to OpenSSH key file.
  -L          Print the contents of a certificate.
  -l          Show fingerprint of key file.
  -M memory   Amount of memory (MB) to use for generating DH-GEX moduli.
  -N phrase   Provide new passphrase.
  -O option   Specify a certificate option.
  -P phrase   Provide old passphrase.
  -p          Change passphrase of private key file.
  -q          Quiet.
  -R hostname Remove host from known_hosts file.
  -r hostname Print DNS resource record.
  -S start    Start point (hex) for generating DH-GEX moduli.
  -s ca_key   Certify keys with CA key.
  -T file     Screen candidates for DH-GEX moduli.
  -t type     Specify type of key to create.
  -V from:to  Specify certificate validity interval.
  -v          Verbose.
  -W gen      Generator to use for generating DH-GEX moduli.
  -y          Read private key file and print public key.
  -Z name,…   User/host principal names to include in certificate
  -z serial   Specify a serial number.
Regards, S K Gupta
Hey, thank you for posting this. It saved me a ton of time.