Hi, with openssh client version 7.2 it's not possible to use ssh-keyscan to scan ssh servers that support diffie-hellman-group1-sha1 only. It is because for ssh-keyscan KEX_CLIENT_KEX is hard coded. ssh by itself is working because you can specify additional kex algorithms with -o which is not available for ssh-keyscan. Hence I think ssh-keyscan should still support the old ciphers. diffie-hellman-group1-sha1 was removed from KEX_CLIENT_KEX here: https://github.com/openssh/openssh-portable/commit/bdfd29f60b74f3e678297269dc6247a5699583c1 Regards Klara _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
