Bridging between older and newer SSH

matto
Posts: 14
Joined: Fri Apr 19, 2024 2:49 pm

Bridging between older and newer SSH

Post by matto »

One of the problems you run into when working with older software is getting SSH access.

Using a system with SSH1, you lock yourself out from your other systems.
So, I was thinking about setting up a kind of bridge system, like a Jail or a container, that
runs an sshd that allows SSH1 access, and also has a new SSH to ssh out to your other systems.

This means installing an old sshd on a modern system. I tried to compile some early versions
of dropbear, both on a modern FreeBSD system as well as on a recent Debian VM, but without
success.

Has anybody found a solution for this?
zero cool
Site Admin
Posts: 211
Joined: Fri Apr 19, 2024 9:40 am
Location: The sea of meatballs
Gopher: gopher.deadnet.se
IRC: Headcrash @ irc.libera.chat
Jabber: headcrash@og.im

Re: Bridging between older and newer SSH

Post by zero cool »

Good idea!
I suppose it depends on how far back in versions you want to go. But I've accidentally solved this at home by running a Debian 8 virtual machine as jump server. It still retains a bunch of older ciphers it seems, and lets older machines connect to it, while still being able to connect to modern ones.
Everything is a smoke machine if you operate it wrong enough.
fsck.life
deadnet.se
tekk
Posts: 77
Joined: Fri Apr 19, 2024 5:17 pm

Re: Bridging between older and newer SSH

Post by tekk »

I've gotten around it by telnetting into a machine on my LAN then using that to ssh out. No reason you couldn't do what you said and configure something with ssh1 then give it a dropbear or similar with ssh2 though. What's the old system we're talking about here?

If your Old Computer is Windows then you ought to be able to compile the latest version of dropbear as long as it's not 98/95.
matto
Posts: 14
Joined: Fri Apr 19, 2024 2:49 pm

Re: Bridging between older and newer SSH

Post by matto »

Hi,

Thanks for the responses :)

I have been looking at telnet, indeed. Maybe run that in a FreeBSD jail (with a current FreeBSD version) or a Linux LXC container or something like that.

I do have a RedHat 5.2 system running in qemu-system-i386, that can be used for telnet and for ftp (that is how I added some software to other old distros that I have run in qemu-system-i386). But that system is of course not suitable to ssh out (no ssh at all on it :)

The idea of a Debian-8 VM is also nice, I will try that too :)

The system is an Apple Power Mac G4, that is from about 1999. But I think many people playing with older OSes run into this kind of problem.
crush
Posts: 2
Joined: Fri Sep 20, 2024 3:50 am

Re: Bridging between older and newer SSH

Post by crush »

You can allow your modern SSH server to use older ciphers by adding this to your sshd_config:

KexAlgorithms=+diffie-hellman-group1-sha1
HostKeyAlgorithms=+ssh-rsa
I don't know how far back a legacy SSH client would connect, but one from 2004 seems to work for me.
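
An added example, not part of the post above: a small Python audit that reads sshd_config text and reports which legacy algorithms the global section switches on, so a bridge host can be checked for relaxations beyond the two lines shown. The `LEGACY` list and the sample config are assumptions constructed for this example; settings inside `Match` blocks are not inspected.

```python
import re

# Algorithms this example treats as legacy (an assumed list; extend it to match your policy).
LEGACY = {
    "kexalgorithms": {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
                      "diffie-hellman-group-exchange-sha1"},
    "hostkeyalgorithms": {"ssh-rsa", "ssh-dss"},
    "ciphers": {"3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc"},
    "macs": {"hmac-md5", "hmac-md5-96", "hmac-sha1", "hmac-sha1-96"},
}

def parse_line(line):
    """Return (keyword, value) for one sshd_config line, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # sshd_config accepts both "Keyword value" and "Keyword=value"; keywords are case-insensitive.
    m = re.match(r"(\w+)\s*=?\s*(.*)$", line)
    return (m.group(1).lower(), m.group(2).strip()) if m else None

def legacy_enabled(config_text):
    """Map each algorithm keyword to the sorted legacy algorithms its global setting enables."""
    findings, seen = {}, set()
    for raw in config_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        key, value = parsed
        if key == "match":                    # the global section ends at the first Match block
            break
        if key not in LEGACY or key in seen:  # sshd uses the first value obtained for a keyword
            continue
        seen.add(key)
        if value.startswith("-"):             # "-list" removes algorithms from the defaults
            continue
        # "+list" appends to the defaults, "^list" moves to the front, a bare list replaces them.
        names = {n.strip() for n in value.lstrip("+^").split(",")}
        hits = sorted(names & LEGACY[key])
        if hits:
            findings[key] = hits
    return findings

# Constructed sample: the two lines from the post, a removal, a later duplicate and a Match block.
SAMPLE = """\
# bridge host
KexAlgorithms=+diffie-hellman-group1-sha1
HostKeyAlgorithms=+ssh-rsa
Ciphers -3des-cbc
KexAlgorithms curve25519-sha256
Match Address 192.0.2.10
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for keyword, algos in legacy_enabled(SAMPLE).items():
        print(f"{keyword}: {', '.join(algos)}")
```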
matto
Posts: 14
Joined: Fri Apr 19, 2024 2:49 pm

Re: Bridging between older and newer SSH

Post by matto »

Thanks crush,

Will play with this!