Any way to add diffie-hellman-group1-sha1 to ssh_config?

JimPhreak

I'm looking to set up my unRAID server as a backup repository for Veeam Backup & Replication. I'm trying to set it up as an NFS share but I get an error that the server does not support diffie-hellman-group1-sha1 for key exchange. I've tried to add it to the line MACs in the /etc/ssh/ssh_config directory but it doesn't seem to take. Can this be done? If not, I'll have to use a CIFS share instead, just figured NFS would be faster.
 

RTM

I am not sure why you are editing SSH configuration, when you are trying to do something with NFS.
That aside, if you want to edit the configuration of an SSH server, you need to edit the /etc/ssh/sshd_config file rather than the ssh_config file.

From reading the man file, it looks like you need to look into 'KexAlgorithms' and add 'diffie-hellman-group1-sha1'.
It is quite possible that you will have to add the key ('KexAlgorithms') if it is not already present.
 

EffrafaxOfWug

Still don't understand what SSH key exchange has to do with NFS, but most SSH daemons should have DH SHA1 in their default list. From the man page of my OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1k version:

Code:
     KexAlgorithms
             Specifies the available KEX (Key Exchange) algorithms.  Multiple algorithms must be comma-separated.  The default is:

                   curve25519-sha256@libssh.org,
                   ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                   diffie-hellman-group-exchange-sha256,
                   diffie-hellman-group14-sha1,
                   diffie-hellman-group-exchange-sha1,
                   diffie-hellman-group1-sha1

What's the command you're trying to run that's failing? If you add -vvv to the ssh options line you'll be able to see all the KEX info.

Edit: So turns out that Veeam have a page for this and much like RTM says, you need to modify the sshd_config file on your destination server. Looks like Veeam tunnels NFS traffic through SSH by default. Was the second hit on Google.

KB2061: Server does not support diffie-hellman-group1-sha1 for keyexchange
 

JimPhreak

I had found that document back when I asked this question but it didn't seem to help. Added the following lines to my sshd_config file but still got the same error message.

Code:
# KexAlgorithms
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

# Ciphers and keying
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr

I don't know if the ssh-keygen -A command worked or not as there was no confirmation or output when I ran it and rebooted.
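
A check for the situation in the last post, as an added example that is not part of the thread: sshd uses the first value it reads for each keyword, so a `KexAlgorithms` line placed after an existing one is silently ignored. The earlier directive on line 1 of the sample and the `LEGACY` set are assumptions made for illustration.

```python
# Added example (not from the thread): which KexAlgorithms/Ciphers line wins?

# Constructed input: line 1 is a hypothetical pre-existing directive; the
# rest are the lines posted in the thread.
SAMPLE = """\
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group14-sha1
# KexAlgorithms
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
# Ciphers and keying
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
"""

# Legacy algorithms to flag; this set is an assumption of the example.
LEGACY = {"diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1",
          "3des-cbc", "blowfish-cbc", "aes128-cbc"}


def effective(config_text, keywords=("kexalgorithms", "ciphers")):
    """Apply sshd's first-value-wins rule to the global section.

    Returns ({keyword: (line_no, [algorithms])}, [(line_no, keyword), ...]);
    the second item lists later duplicates that sshd ignores.
    """
    chosen, shadowed = {}, []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are out of scope
            break
        if key not in keywords or len(parts) < 2:
            continue
        if key in chosen:
            shadowed.append((line_no, key))
        else:
            algs = [a.strip() for a in parts[1].split(",") if a.strip()]
            chosen[key] = (line_no, algs)
    return chosen, shadowed


def audit(config_text, wanted="diffie-hellman-group1-sha1"):
    """Summarise whether `wanted` is really offered and what legacy is enabled."""
    chosen, shadowed = effective(config_text)
    kex = chosen.get("kexalgorithms", (None, []))[1]
    legacy = sorted(a for _, algs in chosen.values() for a in algs if a in LEGACY)
    return {"wanted_offered": wanted in kex, "shadowed": shadowed, "legacy": legacy}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the server itself, `sshd -T` prints the configuration the daemon resolves, which is the authoritative version of this check.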