Difference between revisions of "Key exchange method (KEX)"
Jump to navigation
Jump to search
(8 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[wikipedia:Key exchange method]] | [[wikipedia:Key exchange method]] | ||
− | [[OpenSSH changelog]] | + | * [[Diffie–Hellman key exchange]] |
+ | * [[PSK]] | ||
+ | * [[Elliptic-curve Diffie–Hellman (ECDH)]] | ||
+ | |||
+ | == [[OpenSSH changelog]] == | ||
* [[OpenSSH 9.0]] Aug 2022 Use the hybrid Streamlined [[NTRU]] Prime + [[x25519]] [[key exchange]] method by default | * [[OpenSSH 9.0]] Aug 2022 Use the hybrid Streamlined [[NTRU]] Prime + [[x25519]] [[key exchange]] method by default | ||
* [[OpenSSH 8.5]] 03 March 2021 update/replace the experimental [[post-quantum]] hybrid key exchange method | * [[OpenSSH 8.5]] 03 March 2021 update/replace the experimental [[post-quantum]] hybrid key exchange method | ||
Line 7: | Line 11: | ||
* Added [[curve25519-sha256]]@libssh.org key exchange | * Added [[curve25519-sha256]]@libssh.org key exchange | ||
+ | ssh -V | ||
+ | [[OpenSSH_8.2]]p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f 31 Mar 2020 | ||
+ | ssh -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no [email protected] | ||
+ | [[Unable to negotiate]] with 10.10.10.2 port 22: no matching [[key exchange method]] found. Their offer: [[diffie-hellman-group-exchange-sha1]],[[diffie-hellman-group14-sha1]],[[diffie-hellman-group1-sha1]] | ||
+ | |||
+ | |||
+ | ssh -o[[KexAlgorithms]]=+diffie-hellman-group1-sha1 123.123.123.123 | ||
+ | [[ssh_dispatch_run_fatal]]: Connection to 123.123.123.123 port 22: [[Invalid key length]] | ||
== Cisco IOS == | == Cisco IOS == | ||
Line 14: | Line 26: | ||
== Related terms == | == Related terms == | ||
* <code>[[KexAlgorithms]]</code> directive | * <code>[[KexAlgorithms]]</code> directive | ||
+ | * <code>[[ssh -Q kex]]</code> | ||
== See also == | == See also == | ||
Line 19: | Line 32: | ||
* {{key}} | * {{key}} | ||
* {{ssh}} | * {{ssh}} | ||
+ | * {{TLS}} | ||
[[Category:ssh]] | [[Category:ssh]] |
Latest revision as of 11:01, 22 February 2024
OpenSSH changelog[edit]
- OpenSSH 9.0 Aug 2022 Use the hybrid Streamlined NTRU Prime + x25519 key exchange method by default
- OpenSSH 8.5 03 March 2021 update/replace the experimental post-quantum hybrid key exchange method
- Added curve25519-sha256@libssh.org key exchange
ssh -V OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f 31 Mar 2020 ssh -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no [email protected] Unable to negotiate with 10.10.10.2 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 123.123.123.123 ssh_dispatch_run_fatal: Connection to 123.123.123.123 port 22: Invalid key length
Cisco IOS[edit]
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Related terms[edit]
KexAlgorithms
directivessh -Q kex
See also[edit]
- KEX, KexAlgorithms, Diffie–Hellman, PSK, Elliptic-curve Diffie–Hellman (ECDH)
- Public key cryptography,
private key
,public key
,key length
,ssh-keygen
,ssh-keyscan
, Root certificate, KEX, Generate a key - SSH:
ssh
, TLS,.ppk, .pem, .crt, .pub
, ED25519, Key exchange method (KEX), public key, private key,ssh -Q kex
,IAMUserSSHKeys
,known_hosts
, ssh tunnel, Dropbear - TLS, mTLS: OpenSSL, LibreSSL, BoringSSL, WolfSSL, X.509,
.pem
, SNI, CT, OCSP, Mbed TLS, ALPN,your connection is not private
, SSL Certificate Checker, Wildcard certificate, JA3 fingerprint, sslcan, TLS inspection
Advertising: