Bridging between older and newer SSH
Posted: Tue Sep 17, 2024 7:26 pm
by matto
One of the problems you run into when working with older software is getting SSH access.
Using a system with SSH1, you lock yourself out from your other systems.
So, I was thinking about setting up a kind of bridge system, like a Jail or a container, that
runs an sshd that allows SSH1 access, and also has a new SSH to ssh out to your other systems.
This means installing an old sshd on a modern system. I tried to compile some early versions
of dropbear, both on a modern FreeBSD system as well as on a recent Debian VM, but without
success.
Has anybody found a solution for this?
Re: Bridging between older and newer SSH
Posted: Tue Sep 17, 2024 8:17 pm
by zero cool
Good idea!
I suppose it depends on how far back in versions you want to go. But I've accidentally solved this at home by running a Debian 8 virtual machine as jump server. It still retains a bunch of older ciphers it seems, and lets older machines connect to it, while still being able to connect to modern ones.
Re: Bridging between older and newer SSH
Posted: Tue Sep 17, 2024 8:59 pm
by tekk
I've gotten around it by telnetting into a machine on my LAN then using that to ssh out. No reason you couldn't do what you said and configure something with ssh1 then give it a dropbear or similar with ssh2 though. What's the old system we're talking about here?
If your Old Computer is Windows then you ought to be able to compile the latest version of dropbear as long as it's not 98/95.
Re: Bridging between older and newer SSH
Posted: Wed Sep 18, 2024 7:07 pm
by matto
Hi,
Thanks for the responses.
I have been looking at telnet, indeed. Maybe run that in a FreeBSD jail (with a current FreeBSD version) or a Linux LXC container or something like that.
I do have a RedHat 5.2 system running in qemu-system-i386, that can be used for telnet and for ftp (that is how I added some software to other old distros that I have run in qemu-system-i386). But that system is of course not suitable to ssh out (no ssh at all on it).
The idea of a Debian-8 VM is also nice, I will try that too.
The system is an Apple Power Mac G4, that is from about 1999. But I think many people playing with older OSes run into this kind of problem.
Re: Bridging between older and newer SSH
Posted: Sat Sep 21, 2024 3:18 pm
by crush
You can allow your modern SSH server to use older ciphers by adding this to your sshd_config:
Code:
KexAlgorithms=+diffie-hellman-group1-sha1
HostKeyAlgorithms=+ssh-rsa
I don't know how far back a legacy SSH client would connect, but one from 2004 seems to work for me.
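An added example, not part of the post above and not OpenSSH's own code: a small Python check that reads sshd_config text and reports which SHA-1 era algorithms are switched on by lines like the two quoted. The `LEGACY` list and the name `legacy_enabled` are assumptions chosen for this example.

```python
import re

# Assumption: this legacy list is chosen for the example (SHA-1 based key
# exchange and host key signatures); extend it to match your own policy.
LEGACY = {
    "kexalgorithms": {"diffie-hellman-group1-sha1",
                      "diffie-hellman-group14-sha1",
                      "diffie-hellman-group-exchange-sha1"},
    "hostkeyalgorithms": {"ssh-rsa", "ssh-dss"},
}

# sshd_config accepts both "Keyword value" and "Keyword=value".
LINE = re.compile(r"^\s*([A-Za-z0-9]+)\s*(?:=\s*|\s+)(\S.*?)\s*$")


def legacy_enabled(config_text):
    """Return {keyword: sorted legacy algorithms the config turns on}."""
    seen, found = set(), {}
    for raw in config_text.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key not in LEGACY or key in seen:
            continue          # sshd uses the first value it reads per keyword
        seen.add(key)
        if value.startswith("-"):
            continue          # "-list" removes algorithms from the defaults
        names = set(value.lstrip("+^").split(","))
        hits = sorted(names & LEGACY[key])
        if hits:
            found[key] = hits
    return found


# Constructed sample: the two lines from the post plus a later duplicate.
SAMPLE = """\
# legacy bridge settings
KexAlgorithms=+diffie-hellman-group1-sha1
HostKeyAlgorithms=+ssh-rsa
KexAlgorithms curve25519-sha256
"""

if __name__ == "__main__":
    for key, algos in legacy_enabled(SAMPLE).items():
        print(key, "enables", ", ".join(algos))
```

The same function also accepts the output of `sshd -T`, which prints the effective configuration.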
Re: Bridging between older and newer SSH
Posted: Mon Sep 23, 2024 6:44 pm
by matto
Thanks crush,
Will play with this!