reenable sha1 for sshd after update of omv 6.4.8

  • openmediavault : 6.5.0-2 (Shaitan)


    At the beginning of July we updated our openmediavault from 6.2.9 or 6.4.7 to 6.4.8. We are running an older MF printer/copier/scanner that uploads (uploaded without any problems) all scanning files by SFTP to our omv installation. Since the update to omv 6.4.8 we encounter the problem that older sha1 key exchange methods are no longer supported/enabled on the sshd of our updated omv installation. In the auth.log we can see these messages:


    Code
    Jul 19 16:59:59 omv sshd[230763]: Unable to negotiate with our.printer.net port 43595: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]


    Normally those key methods can be re-enabled in the sshd_config file. Unfortunately this config file seems to be auto-generated and would be overwritten by omv:


    Code
    # This file is auto-generated by openmediavault (https://www.openmediavault.org)
    # WARNING: Do not edit this file, your changes will get lost.


    So my question is: where can I put/add sshd config statements so that they are not overwritten by omv configuration scripts and future omv upgrades, in order to re-enable sha1 key exchange methods?


    Many thanks in advance and best regards,

  • votdev

    Added the Label OMV 6.x
  • votdev

    Added the Label resolved
  • Hello


    Many thanks for your prompt response and the hint. Unfortunately I am not able to confirm the pending configuration change to the ssh service Extra options field to the omv installation. I have entered the following Extra options in order to append KexAlgorithms to the defaults:


    Code
    +KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1


    By confirming the pending change to omv I get the error messages:


    In the end sshd stops running and I have to revert to the previous setting and restart omv.


    I found in the actual documentation for the ssh service the following statement:


    Quote

    An extra text field is provided to enter more options. Examine first the
    file /etc/ssh/sshd_config before adding extra options otherwise the
    option will not be applied. In that case is necessary change the environmental variable.


    I am not sure what the concrete meaning of this statement is with regard to adding an sshd command such as "+KexAlgorithms".


    Many thanks again for any hint,


    best regards

  • So I solved the problem as there was a syntax error in the Extra options statement. The correct syntax is the following:


    Code
    KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1


    The append sign "+" has to be in front of the key method definitions/names to be appended.


    best regards
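
Added example, not part of the original thread and not openmediavault code: a small Python check that reads rejection lines in the auth.log format quoted above, derives the narrowest `KexAlgorithms` line for the rejected client, and catches the misplaced `+` that broke the first attempt. The function names are hypothetical, the sample log is constructed from the line in the thread, and it assumes the installed sshd build still supports the chosen algorithm (`ssh -Q kex` lists them).

```python
import re

# Constructed sample in the format of the auth.log line quoted in the thread.
SAMPLE_LOG = (
    "Jul 19 16:59:59 omv sshd[230763]: Unable to negotiate with our.printer.net "
    "port 43595: no matching key exchange method found. Their offer: "
    "diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,"
    "diffie-hellman-group1-sha1 [preauth]\n"
)

NEGOTIATE_RE = re.compile(
    r"sshd\[\d+\]: Unable to negotiate with (?P<peer>\S+) port \d+: "
    r"no matching key exchange method found\. Their offer: (?P<offer>\S+)"
)

def rejected_offers(log_text):
    """Map each rejected peer to its KEX offer, kept in the client's preference order."""
    return {m["peer"]: m["offer"].split(",") for m in NEGOTIATE_RE.finditer(log_text)}

def minimal_kex_option(offer):
    """Append only the client's first choice: SSH selects the first client-listed
    algorithm that the server also accepts (RFC 4253, section 7.1)."""
    return f"KexAlgorithms +{offer[0]}"

def lint_kex_option(line):
    """Return a list of syntax problems in a KexAlgorithms extra-options line."""
    fields = line.split()
    if len(fields) != 2:
        return ["expected exactly: KexAlgorithms <comma-separated list>"]
    keyword, value = fields
    problems = []
    # sshd_config keywords are case-insensitive; a leading '+' makes a different word.
    if keyword.lower() != "kexalgorithms":
        problems.append(f"unknown keyword {keyword!r}; '+' belongs before the list")
    # Without the '+' prefix the list replaces the default set instead of extending it.
    if not value.startswith("+"):
        problems.append("list has no '+' prefix, so it replaces the defaults")
    return problems

if __name__ == "__main__":
    for peer, offer in rejected_offers(SAMPLE_LOG).items():
        print(peer, "->", minimal_kex_option(offer))
    print(lint_kex_option("+KexAlgorithms diffie-hellman-group14-sha1"))
```

Appending a single algorithm keeps `diffie-hellman-group1-sha1` disabled while still letting a client with this offer connect.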
