> Sven, how you have identified the key exchange algorithm used by libssh2, is there any way to identify using
fingerprintor key??
I'm looking at what sshd logs on the server end. Or you start sshd with the "-d" argument which logs to stdout and
preventssshd from being backgrounded.
You could also harden sshd by adding the following to sshd_config (don't forget to restart the deamon afterwards):
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs
hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
Since SHA1 is not listed as KexAlgorithms, if the connection is still possible, the client must have used SHA256.
Cheers, -sven