Что такое кексалгоритмы openssh по умолчанию?

После дополнительной проверки эту информацию можно получить двумя способами.

1. читать со страницы руководства для sshd_config(5)

   KexAlgorithms
   Specifies the available KEX (Key Exchange) algorithms.
   Multiple algorithms must be comma-separated.
   The default is
   ecdh-sha2-nistp256 ,
   ecdh-sha2-nistp384 ,
   ecdh-sha2-nistp521 ,
   diffie-hellman-group-exchange-sha256 ,
   diffie-hellman-group-exchange-sha1 ,
   diffie-hellman-group14-sha1 ,
   diffie-hellman-group1-sha1 .
   

2. читать из журналов ssh -vvv (первая часть — это kexalgorithm,hmac,ciphers, поддерживаемая на стороне клиента; вторая часть — сервер sshd.)

   debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
   debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
   debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
   debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
   debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
   debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
   debug2: kex_parse_kexinit: none,[email protected],zlib
   debug2: kex_parse_kexinit: none,[email protected],zlib
   debug2: kex_parse_kexinit:
   debug2: kex_parse_kexinit:
   debug2: kex_parse_kexinit: first_kex_follows 0
   debug2: kex_parse_kexinit: reserved 0
   debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
   debug2: kex_parse_kexinit: ssh-rsa
   debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,arcfour256,arcfour128,3des-cbc,blowfish-cbc,cast128-cbc,arcfour
   debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,arcfour256,arcfour128,3des-cbc,blowfish-cbc,cast128-cbc,arcfour
   debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512
   debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,hmac-sha1-96,hmac-md5-96,hmac-sha2-256,hmac-sha2-512
   debug2: kex_parse_kexinit: none,[email protected]
   debug2: kex_parse_kexinit: none,[email protected]
   

3. запрос ssh для поддерживаемых алгоритмов: ssh -Q kex server (верхний регистр -Q)

   diffie-hellman-group1-sha1
   diffie-hellman-group14-sha1
   diffie-hellman-group-exchange-sha1
   diffie-hellman-group-exchange-sha256
   ecdh-sha2-nistp256
   ecdh-sha2-nistp384
   ecdh-sha2-nistp521
   diffie-hellman-group1-sha1
   [email protected]
   

ssh -G 192.168.1.2 показывает конфигурацию, включающую кексаалгоритмы. Например,

kexalgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1

Если вы хотите настроить только diffie-hellman-group1-sha1 для kexalgorithms,

ssh -oKexAlgorithms=diffie-hellman-group1-sha1 [email protected]