Open
Description
Hello,
I have configured almost all KEX algorithms, see the list:

```js
kex: [
  'ecdh-sha2-nistp256',
  'ecdh-sha2-nistp384',
  'ecdh-sha2-nistp521',
  'diffie-hellman-group-exchange-sha1',
  'diffie-hellman-group-exchange-sha256',
  'diffie-hellman-group1-sha1',
  'diffie-hellman-group14-sha1',
  'diffie-hellman-group14-sha256',
  'diffie-hellman-group15-sha512',
  'diffie-hellman-group16-sha512',
  'diffie-hellman-group17-sha512',
  'diffie-hellman-group18-sha512',
],
```
But when I try to connect to a Cisco device, diffie-hellman-group-exchange-sha1 is never offered and I'm not able to connect, see:
```
2022-11-02T16:41:15.194Z - debug: Custom crypto binding not available
2022-11-02T16:41:15.195Z - debug: Local ident: 'SSH-2.0-ssh2js1.10.0'
2022-11-02T16:41:15.195Z - debug: Client: Trying 149.196.174.121 on port 22 ...
2022-11-02T16:41:15.318Z - debug: Socket connected
2022-11-02T16:41:15.445Z - debug: Remote ident: 'SSH-2.0-Cisco-1.25'
2022-11-02T16:41:15.445Z - debug: Outbound: Sending KEXINIT
2022-11-02T16:41:15.446Z - debug: Inbound: Handshake in progress
2022-11-02T16:41:15.446Z - debug: Handshake: (local) KEX method: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
2022-11-02T16:41:15.446Z - debug: Handshake: (remote) KEX method: diffie-hellman-group-exchange-sha1
2022-11-02T16:41:15.447Z - debug: Handshake: No matching key exchange algorithm
2022-11-02T16:41:15.447Z - debug: Outbound: Sending DISCONNECT (3)
2022-11-02T16:41:15.448Z - debug: Outbound: Sending DISCONNECT (11)
2022-11-02T16:41:15.469Z - info: Awaiting connectionEndedPromise...
2022-11-02T16:41:15.672Z - debug: Socket ended
2022-11-02T16:41:15.672Z - debug: Socket closed
2022-11-02T16:41:15.673Z - info: SocketClosedPromise finished.
```
But it is offered for SSH-2.0-ROSSSH (a Mikrotik device):
```
2022-11-11T08:35:24.580Z - debug: Remote ident: 'SSH-2.0-ROSSSH'
2022-11-11T08:35:24.580Z - debug: Outbound: Sending KEXINIT
2022-11-11T08:35:24.582Z - debug: Inbound: Handshake in progress
2022-11-11T08:35:24.582Z - debug: Handshake: (local) KEX method: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
2022-11-11T08:35:24.582Z - debug: Handshake: (remote) KEX method: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
2022-11-11T08:35:24.582Z - debug: Handshake: KEX algorithm: diffie-hellman-group-exchange-sha1
```
So the question is: why are all configured algorithms not always offered to all devices?
The latest version of ssh2 (1.11.0) is used.
Thanks
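
A log check for the mismatch reported above, as an added example that is not part of the original issue or of ssh2: it compares the configured `kex` list with the `(local) KEX method` line actually sent and applies the RFC 4253 section 7.1 selection rule (first client algorithm the server also lists). The function names are assumptions; the embedded log lines are copied from the Cisco session in the report.

```javascript
// Added example; function names are assumptions, not part of the ssh2 API.
const CONFIGURED_KEX = [
  'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521',
  'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group-exchange-sha256',
  'diffie-hellman-group1-sha1', 'diffie-hellman-group14-sha1',
  'diffie-hellman-group14-sha256', 'diffie-hellman-group15-sha512',
  'diffie-hellman-group16-sha512', 'diffie-hellman-group17-sha512',
  'diffie-hellman-group18-sha512',
];

// The two KEX lines of the Cisco session, copied from the report above.
const CISCO_LOG = [
  '2022-11-02T16:41:15.446Z - debug: Handshake: (local) KEX method: ' +
    'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,' +
    'diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,' +
    'diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,' +
    'diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,' +
    'diffie-hellman-group18-sha512',
  '2022-11-02T16:41:15.446Z - debug: Handshake: (remote) KEX method: ' +
    'diffie-hellman-group-exchange-sha1',
].join('\n');

// Extract the last local and remote KEX name-lists from debug output.
function parseKexLists(logText) {
  const lists = { local: null, remote: null };
  const re = /Handshake: \((local|remote)\) KEX method: (\S+)/g;
  for (const [, side, names] of logText.matchAll(re)) {
    lists[side] = names.split(',');
  }
  return lists;
}

// RFC 4253 section 7.1: first client algorithm the server also lists.
// The host-key compatibility conditions of that section are ignored here.
function negotiate(clientList, serverList) {
  return clientList.find((alg) => serverList.includes(alg)) ?? null;
}

function diagnose(configured, logText) {
  const { local, remote } = parseKexLists(logText);
  if (!local || !remote) throw new Error('KEX method lines not found in log');
  return {
    withheld: configured.filter((alg) => !local.includes(alg)), // configured, never sent
    negotiated: negotiate(local, remote),            // null: handshake fails
    wouldHaveMatched: negotiate(configured, remote), // if the full list were sent
  };
}

console.log(diagnose(CONFIGURED_KEX, CISCO_LOG));
```
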