MobileRead Forums - View Single Post - K4 USBNet - No Matching Key Exchange. Their offer: diffie-hellman-group1-sha1

dont_panic · 05-24-2024, 09:17 AM

The reason for this is quite simple imo: The kindle uses 14-year-old crypto routines (rsa), which are not accepted by any modern ssh implementation.
The reason for this is the 'downgrading attack': The attacker just politely asks the victim 'why can't whe use the old unsafe standard like we always did'. That's why your ssh just says 'nope wont do'.
On my win machine I use kitty (a putty fork) as ssh client, and there is a settings page that lets you enable unsafe stuff. I don't know how to do it on linux, and it should depend on your distro. Also, don't do this when your device is connected to the interwebz

My guess would be to just 'give them what they want' and match their offer:

`ssh -oKexAlgorithms=+ssh-rsa root@192.168.15.244`

This is my first post here, so please be patient with a poor noob...

05-24-2024, 09:17 AM	#2
dont_panic Junior Member Posts: 4 Karma: 10 Join Date: May 2024 Location: Berlin/.de Device: K4NT	The reason for this is quite simple imo: The kindle uses 14-year-old crypto routines (rsa), which are not accepted by any modern ssh implementation. The reason for this is the 'downgrading attack': The attacker just politely asks the victim 'why can't whe use the old unsafe standard like we always did'. That's why your ssh just says 'nope wont do'. On my win machine I use kitty (a putty fork) as ssh client, and there is a settings page that lets you enable unsafe stuff. I don't know how to do it on linux, and it should depend on your distro. Also, don't do this when your device is connected to the interwebz My guess would be to just 'give them what they want' and match their offer: `ssh -oKexAlgorithms=+ssh-rsa root@192.168.15.244` This is my first post here, so please be patient with a poor noob... Last edited by dont_panic; 05-24-2024 at 09:21 AM. Reason: addition