compatibility

[lelutin]

I've tried config changes suggested in the secure secure shell article and I found that it doesn't work with wheezy (openssh 6.0p1) since this version doesn't support ed25519 keys.

It does work with wheezy-backports (openssh 6.6p1), but 6.6 still complains about an unknown config option: HostKeyAlgorithms.

Then, with HostKeyAlgorithms commented out to make the config work with 6.6, I see that it doesn't negotiate the right algorithm:

debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Debian-4~bpo70+1
debug1: match: OpenSSH_6.6.1p1 Debian-4~bpo70+1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

[Xiol]

Further to this, just in case anyone comes across this, you have to re-enable diffie-hellman-group-exchange-sha1 as a key exchange algo on the client when trying to SSH to CentOS 5 machines.