Failed to import the user key xshell 5
If you always (or mostly) log in as the same user on that system, you can also specify that username: Host 10.255.252.1 Blank lines and lines starting with # are ignored. The indentation is optional, but I find it greatly enhances readability.
KexAlgorithms +diffie-hellman-group1-sha1 Specifying a global default port of 9922 instead of the default 22, you can add a host stanza for the host that needs special configuration, and a global host stanza for the default case. For example, if your SSH config currently says (dummy example): Port 9922 To avoid making a global change to solve a local problem, you can put it in a Host stanza. You can also add this to your personal ~/.ssh/config. Since this matches a cipher that the server offers, an encrypted channel can be established and the connection proceeds to the authentication phase. In this case adding -c 3des-cbc allows only 3DES-CBC from the client. (or -oCiphers=.) to specify which cipher to offer from the client side. Those defaults are the defaults for a reason some pretty smart people spent some brain power considering the options and determined that what was chosen as the defaults provide the best overall security versus performance trade-off.Īs you found out, you can use -c. However, always tread carefully when overriding security-related defaults, including cipher and key exchange algorithm choices. Bottom line, there are worse choices than 3DES-CBC, and there are better ones. CBC itself has some issues when ciphertext can be modified in transit, but I strongly suspect that the resultant corruption would be rejected by SSH's HMAC, reducing impact. It's slow, and it provides less security than some other algorithms, but it's not immediately breakable as long as the keys are selected properly. Usually SSH servers will offer a small handful of different ciphers in order to cater to different clients I'm not sure why your server would be configured to only allow 3DES-CBC. If your system and the remote system don't share at least one cipher, there is no cipher to agree on and no encrypted channel is possible. This particular error happens while the encrypted channel is being set up.