Categories
Unix

SSH hangs when expecting SSH2_MSG_KEX_DH_GEX_GROUP

I encountered this odd issue when I went to SSH from a new CentOS 7 box to an older system, and it just hung with no response. Turning on verbose showed me where it was hanging:

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

I found a number of suggestions on the ‘net as to how to handle this, but the below worked for me. It is a compatibility issue with a newer openSSH connecting to an older one that doesn’t have ciphers as strong.

You need to edit /etc/ssh_config and I added the following to the bottom, so it is under the “host *” items:

SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIDelegateCredentials no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
HostKeyAlgorithms ssh-rsa,ssh-dss
MACs hmac-md5,hmac-sha1,hmac-ripemd160