How do I specify the key exchange method in OpenSSH?
Solution 1:
OpenSSH 5.7 introduced the KexAlgorithms
option:
ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server
configuration to allow selection of which key exchange methods are
used by ssh(1) and sshd(8) and their order of preference.
So if you have at least that version, you should be able to pass -oKexAlgorithms=<kex_list>
to specify your preferences.
AFAICT, the OpenSSH client won't actually print out what kex algorithm was negotiated, but if you pass -vv
and look at the kex_parse_kexinit
lines, you can see the list of kex algorithms (as well as lists of encryption, MAC, etc. algorithms) supported by the client, followed by the lists supported by the server. In theory, the client will select the first algorithm in its list that also appears in the server's list (i.e., the selection favors the client's preference). So for client list a,b,c
and server list c,b
, the client chooses algorithm b
.