FreeDOS

1-25-2019

FreeDOS and SSH configuration

I am running scp2d386 on FreeDOS and it fails to transfer files from my linux machine running OpenSSH 7.6.

It is all about old key exchange algorithms being disabled in recent versions of OpenSSH. I added the following lines to my /etc/ssh/sshd_config.

KexAlgorithms diffie-hellman-group1-sha1,,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr
HostKeyAlgorithms +ssh-dss

Also, based on a comment in sshd_config, I edited the file /etc/sysconfig/ssh and uncommented a line so it looks like:

# System-wide crypto policy:
# To opt-out, uncomment the following line
CRYPTO_POLICY=

You also need to use the "-g" switch on the FreeDOS side. This tells scp2d386 to use DH group1 key exchange. Simply adding the -g switch before performing the above edits yields this message on the server:

Unable to negotiate with 192.168.0.20 port 613:
no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]

Have any comments? Questions? Drop me a line!

Adventures in Computing / tom@mmto.org