Enumerating SSH

ssh 192.168.1.140
ssh 192.168.1.140 -oKexAlgorithms=+diffie-hellman-group1-sha1
ssh 192.168.1.140 -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-rsa
ssh 192.168.1.140 -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss
ssh 192.168.1.140 -oKexAlgorithms=+diffie-hellman-group-exchange-sha1
ssh 192.168.1.140 -oKexAlgorithms=+diffie-hellman-group-exchange-sha1 -oHostKeyAlgorithms=+ssh-rsa

The command:

ssh 192.168.1.140 -oKexAlgorithms=+diffie-hellman-group1-sha1

Connects via SSH to the host 192.168.1.140 using an older key exchange algorithm.

Breakdown:

  • ssh 192.168.1.140: Connect to the target via SSH.

  • -oKexAlgorithms=+diffie-hellman-group1-sha1: Tells SSH to allow a weak/legacy key exchange algorithm (diffie-hellman-group1-sha1), which is disabled by default in modern SSH clients.

Why use this?

To connect to older devices (e.g., legacy routers, switches, and embedded systems) that only support old algorithms.

⚠️ Warning:

  • diffie-hellman-group1-sha1 is insecure and deprecated.

  • Use only if necessary, and preferably only in isolated or controlled environments.
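
When a modern client refuses a legacy device, its error message names the negotiation stage that failed and lists the server's offer. The sketch below is an added example, not part of the original notes: it turns that message into the single least-weak `-o` override instead of enabling algorithms by trial. The function names, preference lists and sample error line are constructed for this example.

```shell
#!/bin/sh
# Legacy algorithm names, least weak first (assumed ordering for this example).
KEX_PREF="diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1"
HOSTKEY_PREF="ssh-rsa ssh-dss"

# pick "<preference list>" "<comma-separated offer>"
# Prints the first preferred name that the server actually offered.
pick() {
    for want in $1; do
        case ",$2," in
            *",$want,"*) printf '%s\n' "$want"; return 0 ;;
        esac
    done
    return 1
}

# suggest_option: reads ssh error text on stdin and prints one -o override
# per failed negotiation stage. Carriage returns from terminal output are stripped.
suggest_option() {
    tr -d '\r' | while IFS= read -r line; do
        case $line in
            *"no matching key exchange method found. Their offer: "*)
                opt=KexAlgorithms pref=$KEX_PREF ;;
            *"no matching host key type found. Their offer: "*)
                opt=HostKeyAlgorithms pref=$HOSTKEY_PREF ;;
            *) continue ;;
        esac
        offer=${line##*Their offer: }
        if alg=$(pick "$pref" "$offer"); then
            printf '%s\n' "-o$opt=+$alg"
        else
            printf 'no known legacy %s in offer: %s\n' "$opt" "$offer" >&2
        fi
    done
}

# Constructed sample of the error a current OpenSSH client prints for such a device.
sample='Unable to negotiate with 192.168.1.140 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'
printf '%s\n' "$sample" | suggest_option
```

Placing the resulting option under a `Host` entry for that one device in `~/.ssh/config` keeps the weak algorithm from being enabled for every other connection.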
