How do I specify the key exchange method in OpenSSH?

ssh security openssh

Solution 1:

OpenSSH 5.7 introduced the KexAlgorithms option:

ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server
configuration to allow selection of which key exchange methods are
used by ssh(1) and sshd(8) and their order of preference.

So if you have at least that version, you should be able to pass -oKexAlgorithms=<kex_list> to specify your preferences.

AFAICT, the OpenSSH client won't actually print out what kex algorithm was negotiated, but if you pass -vv and look at the kex_parse_kexinit lines, you can see the list of kex algorithms (as well as lists of encryption, MAC, etc. algorithms) supported by the client, followed by the lists supported by the server. In theory, the client will select the first algorithm in its list that also appears in the server's list (i.e., the selection favors the client's preference). So for client list a,b,c and server list c,b, the client chooses algorithm b.

Related

My ZFS dataset is gone after system upgrade/reboot (ubuntu)
Install GCC / G++ Version 4.9 in Linux Mint
My VPN appears to be making my cable internet connection 5X faster?
Bash keyboard shortcuts that use Alt do not work on a Mac
Re-add ssh key every time I restart my mac
Why do I get HTTP error 410 when trying to download YouTube videos with pytube?
Android Kotlin adding additional field with value to data class
Find length and placement of alphabet characters in character string R
Aggregate date ranges without including overlapping dates
Docker not running on Ubuntu WSL due to error cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? [closed]
Convert javascript array to object of same keys/values
somehow I need to update all the functions so that I can get how many times each function is called during the program lifecycle