Ssh – Cipher compatibility between ssh client OpenSSH_3.1 and ssh server OpenSSH_7.3p1

I have to change my old ssh server.

The old sshd was OpenSSH_4.7p1 while the new one is OpenSSH_7.3p1.

I also have many old clients based on Slackware 8.1 (2002) with a very old ssh client OpenSSH_3.1p1

FROM : Linux P0101222 2.4.37.9_20130117
       sshd: OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f

TO   : Linux LinuxServer1 4.8.10-300.fc25.i686
       sshd: OpenSSH_7.3p1, OpenSSL 1.0.2j-fips  26 Sep 2016

       old sshd: OpenSSH_4.7p1, OpenSSL 0.9.8b 04 May 2006

My problem now is that the old client was unable to connect to new ssh server due the different cipher used.

[enzo@P0101222 enzo]$ ssh 192.168.200.37
no matching cipher found: 
client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc server chacha20-poly1305@openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,
aes256-gcm@openssh.com

and here the verbose log

[enzo@P0101222 enzo]$ ssh -v 192.168.200.37
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, 
        originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to 192.168.200.37 [192.168.200.37] port 22.
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/enzo/.ssh/identity type -1
debug1: identity file /home/enzo/.ssh/id_rsa type 1
debug1: identity file /home/enzo/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, 
        remote software version OpenSSH_7.3
debug1: match: OpenSSH_7.3 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
no matching cipher found: client aes128-cbc,
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,
aes256-cbc server chacha20-poly1305@openssh.com,aes128-ctr,
aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,
aes256-gcm@openssh.com
debug1: Calling cleanup 0x80634c0(0x0)

My question is if it is possible manage the old clients or maybe, the sshd server in order to allow the client to connect to the new sshd server

_____ ADDED 15.12.2016 09:18 ____

Here below a more verbose log.
And yes, for my task, it should be ok also enable a less secure server on the server side

[enzo@P0101222 enzo]$ ssh -vvv 192.168.200.37
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to 192.168.200.37 [192.168.200.37] port 22.
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/enzo/.ssh/identity type -1
debug3: Not a RSA1 key file /home/enzo/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /home/enzo/.ssh/id_rsa type 1
debug1: identity file /home/enzo/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.3
debug1: match: OpenSSH_7.3 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc server chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug1: Calling cleanup 0x80634c0(0x0)

___ ADDED 16/12/2016 08:20 ____

thanks for the answer Jakuje but I missed something again.

I add the suggested commands at the end of /etc/ssh/ssh_config file

[root@LinuxServer1 ssh]# cat /etc/ssh/ssh_config
...
Match Host IP_of_the_legacy_client #can be omited
  Ciphers +aes128-cbc,aes192-cbc,aes256-cbc

KexAlgorithms +diffie-hellman-group-exchange-sha1


#
# To modify the system-wide ssh configuration, create a  *.conf  file under
#  /etc/ssh/ssh_config.d/  which will be automatically included below
Include /etc/ssh/ssh_config.d/*.conf

but the client failed to connect

[enzo@P0101222 test]$ ssh -vvv 192.168.200.37
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to 192.168.200.37 [192.168.200.37] port 22.
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/enzo/.ssh/identity type -1
debug3: Not a RSA1 key file /home/enzo/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /home/enzo/.ssh/id_rsa type 1
debug1: identity file /home/enzo/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.3
debug1: match: OpenSSH_7.3 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc server chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug1: Calling cleanup 0x80634c0(0x0)

and on the server I have this notifications

Dec 16 08:19:18 LinuxServer1 audit: CRYPTO_KEY_USER pid=27156 uid=0 auid=0 ses=9 msg='op=destroy kind=server fp=SHA256:b8:d0:f8:52:c7:21:3e:ff:fb:71:2f:f1:c5:f4:ac:76:1f:1c:5e:0d:e5:10:30:9a:c7:4a:de:1b:11:13:11:7b direction=? spid=27156 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
Dec 16 08:19:18 LinuxServer1 audit: CRYPTO_KEY_USER pid=27156 uid=0 auid=0 ses=9 msg='op=destroy kind=server fp=SHA256:2b:3f:d0:85:0a:dd:78:0c:5a:4b:c4:eb:77:08:6e:ae:7a:8c:24:dc:52:cb:13:5d:d0:9d:c6:52:af:e9:a8:59 direction=? spid=27156 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
Dec 16 08:19:18 LinuxServer1 audit: CRYPTO_KEY_USER pid=27156 uid=0 auid=0 ses=9 msg='op=destroy kind=server fp=SHA256:dc:75:c4:fd:90:f9:94:5a:b6:9e:d2:cc:04:68:f1:3a:cf:d0:f5:ad:a1:89:c5:a4:91:ef:50:42:ec:9e:a2:1d direction=? spid=27156 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'

==> secure <==
Dec 16 08:19:18 LinuxServer1 sshd[27155]: Unable to negotiate with 192.168.200.222 port 55702: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

==> messages <==
Dec 16 08:19:18 LinuxServer1 audit: CRYPTO_KEY_USER pid=27155 uid=0 auid=0 ses=9 msg='op=destroy kind=server fp=SHA256:dc:75:c4:fd:90:f9:94:5a:b6:9e:d2:cc:04:68:f1:3a:cf:d0:f5:ad:a1:89:c5:a4:91:ef:50:42:ec:9e:a2:1d direction=? spid=27156 suid=74  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
Dec 16 08:19:18 LinuxServer1 audit: CRYPTO_KEY_USER pid=27155 uid=0 auid=0 ses=9 msg='op=destroy kind=server fp=SHA256:b8:d0:f8:52:c7:21:3e:ff:fb:71:2f:f1:c5:f4:ac:76:1f:1c:5e:0d:e5:10:30:9a:c7:4a:de:1b:11:13:11:7b direction=? spid=27155 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
Dec 16 08:19:18 LinuxServer1 audit: CRYPTO_KEY_USER pid=27155 uid=0 auid=0 ses=9 msg='op=destroy kind=server fp=SHA256:2b:3f:d0:85:0a:dd:78:0c:5a:4b:c4:eb:77:08:6e:ae:7a:8c:24:dc:52:cb:13:5d:d0:9d:c6:52:af:e9:a8:59 direction=? spid=27155 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
Dec 16 08:19:18 LinuxServer1 audit: CRYPTO_KEY_USER pid=27155 uid=0 auid=0 ses=9 msg='op=destroy kind=server fp=SHA256:dc:75:c4:fd:90:f9:94:5a:b6:9e:d2:cc:04:68:f1:3a:cf:d0:f5:ad:a1:89:c5:a4:91:ef:50:42:ec:9e:a2:1d direction=? spid=27155 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
Dec 16 08:19:18 LinuxServer1 audit: USER_LOGIN pid=27155 uid=0 auid=0 ses=9 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=192.168.200.222 terminal=ssh res=failed'

Best Answer

From the output, client is offering this list of cipher:

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

and server this one:

debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

You can notice, there is no intersection.

The current openssh does not offer *-cbc modes of ciphers by default, but you can configure it to accept them using (the real attack is very complicated)

Match Host IP_of_the_legacy_client #can be omited
  Ciphers +aes128-cbc,aes192-cbc,aes256-cbc

block in the end of your sshd_config.

Similar problem you will have with key exchange methods. Client offers only

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

but server has different set:

debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1

But again, these methods still exist in current OpenSSH and can be enabled in sshd_config:

KexAlgorithms +diffie-hellman-group-exchange-sha1

The last thing is MAC and you can find common hmac-sha1 so there is no problem.

For more information, see the Legacy page of OpenSSH.

Best Answer

Related Solutions

Ssh – Current SSH connection properties (cipher, auth type, timeout, etc)

Ssh_dispatch_run_fatal: message authentication code incorrect

Related Question