← Back to context

Comment by tankenmate

8 years ago

Which algorithms are they missing?

ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

without these you'll likely be unable to connect to Cisco devices, vCenter, etc.

  • The SHA1 variants are deprecated on modern OpenSSH as well, although they're still supported if you explicitly enable them.

    I agree that it would be nice to have them "opt-in" in Windows as well, in my experience a significant amount of legacy equipment still uses these deprecated algorithms.

  • I never thought I'd say that, but maybe Microsoft needs to work more on backwards compatibility. :)