Problem with OpenSSH

Brian Inglis
Mon Nov 8 05:04:40 GMT 2021

On 2021-11-07 16:58, Nick Popoff wrote:
> Now I Am having severe problem with 'ssh'.  A simple login command like:
> Ssh <>
> Results in the following response:
> C:/cygwin64/home/Nick> ssh
> Unable to negotiate with <IP> port 22: no matching key exchange method
> found. Their offer:
> gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,
> diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> This is a fresh install of Cygwin on a clean Windows 11.  I went back to 3.2
> for now as I cannot work with 3.3.1. > In other words, the 3.3.1 ssh.exe does not accept legacy kex
> algorithms at all, no matter what.  I no longer can log in to
> Solaris.  For example, it DOES NOT accept the following: > ssh.exe -o KexAlgorithms=+diffie-hellman-group14-sha1> 
Unable to negotiate with port 22: no matching host key
> type found. Their offer: ssh-rsa,ssh-dss > Version 3.2 had no problem with legacy algorithms. Can somebody 
explain as
> to what is going on here. Is it a bug? Or a deliberate break of 
> compatibility?
Cygwin release has little to do with the independent package releases, 
in your case openssh which contains the ssh utilities.
Which platform and releases of SSH and SSL are you running in your PATH:

	$ which -a ssh
	$ ssh -V	# You may well be running Cygwin OpenSSL 1.1.1l
	OpenSSH_8.8p1, OpenSSL 1.1.1k  25 Mar 2021
	$ /cygdrive/c/WINDOWS/System32/OpenSSH/ssh -V
	OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2

If you are running Cygwin OpenSSH 8.2 or later, the announcement last 
year warns that all certain algorithms are now disabled by default, and 
how they may be re-enabled until other systems get upgraded:

"openssh 8.2p1-1


Potentially-incompatible changes

This release includes a number of changes that may affect existing

  * ssh(1), sshd(8): the above removal of "ssh-rsa" from the accepted
    CASignatureAlgorithms list.

  * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
    from the default key exchange proposal for both the client and

  * ssh-keygen(1): the command-line options related to the generation
    and screening of safe prime numbers used by the
    diffie-hellman-group-exchange-* key exchange algorithms have
    changed. Most options have been folded under the -O flag.

The more recent OpenSSH 8.8 announcement disables RSA signatures using 
SHA1 algorithms but has an example showing how you may re-enable 
deprecated algorithms for specific hosts:

"openssh 8.8p1-1


Potentially-incompatible changes

This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K



     Host old-host
         HostkeyAlgorithms +ssh-rsa
         PubkeyAcceptedAlgorithms +ssh-rsa


so for your legacy host you may also wish to add entries like:

         HostkeyAlgorithms +ssh-rsa
         PubkeyAcceptedAlgorithms +ssh-rsa
	KexAlgorithms +diffie-hellman-group14-sha1

Each OpenSSH announcement also includes the section:


Future deprecation notice


which should be read by everyone using ssh for any purpose.
Of note is that scp will be upgraded to use SFTP in future instead of 
the legacy protocol.

Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]

More information about the Cygwin mailing list