search

Enumerating SSH

ssh 192.168.1.140
ssh 192.168.1.140 -oKexAlgorithms=+diffie-hellman-group1-sha1
ssh 192.168.1.140 -oKexAlgorithms=+diffie-hellman-group1-sha1 -c ssh-rsa
ssh 192.168.1.140 -oKexAlgorithms=+diffie-hellman-group1-sha1 -c ssh-dss
ssh 192.168.1.140 -oKexAlgorithms=+diffie-hellman-group-exchange-sha1
ssh 192.168.1.140 -oKexAlgorithms=+diffie-hellman-group-exchange-sha1 -c ssh-rsa

The command:

Connects via SSH to the host 192.168.1.140using an older key exchange algorithm.

hashtag
Breakdown:

  • ssh 192.168.1.140Connect to the target via SSH.

  • -oKexAlgorithms=+diffie-hellman-group1-sha1: Tells SSH to allow a weak/legacy key exchange algorithm (diffie-hellman-group1-sha1), which is disabled by default in modern SSH clients.

hashtag
Why use this?

To connect to older devices (e.g., legacy routers, switches, and embedded systems) that only support old algorithms.

hashtag
⚠️ Warning:

  • diffie-hellman-group1-sha1 is insecure and deprecated.

  • Use only if necessary, and preferably only in isolated or controlled environments.

PreviousEnumerating SMBNextResearching Potential Vulnerabilities

Last updated