Must pass -oKexAlgorithms=+diffie-hellman-group1-sha1 flag to ssh to tessel 2 #1749
Description
Howdy folks,
I've recently been messing with my tessel 2 and was unable to root/ssh to it with the following error:
Unable to negotiate with 192.168.0.40 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2@matt.ucc.asn.au
It looks like the diffie-hellman-group1-sha1 algorithm is considered legacy. https://www.openssh.com/legacy.html. The algorithm is mentioned at the top of this article.
Running something like the following will allow you to ssh:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 root@<$TesselName>.local -i ~/.tessel/id_rsa
They recommend updating the software at the other end for the best resolution but the t2 update command shows me up to date, which is 0.2.0. I see there was a 0.3.0 released on github but that doesn't seem to get picked up by the tessel cli and I haven't tried building and flashing it myself yet but it's only a node version update it looks like so it seems unlikely that would fix it.
I'm not exactly sure if this is a "bug" or if there is a fix for this immediately other than adding a note to the docs? I looked at the openwrt-tessel repo to see about updating but there looks to be some custom patches for the openwrt and the upstream-packages is a repo forked from openwrt. I'd be interested in trying to help get it updated but would probably need a hand with the exact steps or any custom things or nuances to the process.
Thanks in advance.