https://bugzilla.mindrot.org/show_bug.cgi?id=2991
--- Comment #5 from Darren Tucker <[email protected]> ---
(In reply to Karthik Adiga from comment #4)
> Thanks Jakub & Darren for your timely reply.
>
> We follow RSA technique.

Not sure what you mean by this.

> I have upgraded openssh in arm/linux machine from 5.3p1 to 7.9p1.

From the working connection:

> debug2: kex_parse_kexinit:
> [email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss

client supports all of these host key algorithms

> debug2: kex_parse_kexinit: ssh-dss

Server only supports ssh-dss.

I think the client only has a ssh-dss (ie DSA) host key, but 7.9p1 doesn't
support that by default any more. To re-enable it you would need to add
ssh-dss to HostKeyAlgorithms *and* tell it to load the DSA host key (which is
no longer in the default list) in addition to all the other key types by
adding this to sshd_config:

HostKeyAlgorithms +ssh-dss
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_ecdsa_key
HostKey /usr/local/etc/ssh_host_ed25519_key
HostKey /usr/local/etc/ssh_host_dsa_key

> Earlier from a linux client(5.3p1) to
> arm/linux server(5.3p1) was working fine. Now after upgrade it is
> giving the no hostkey algorithm error.
>
> With both machines on the same version 5.3p1 cipher technique used
> was hmac-md5, but with server in 7.9p1 it is choosing hmac-sha1.

That's fine.

> On what basis server chooses the cipher technique i.e hmac-md5 or
> hmac-sha1?

The server sends a list of algorithms that it supports and the client picks
one. If the client doesn't have a supported (and enabled) algorithm matching
one that the server offers for a particular purpose then the key exchange
fails.
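The negotiation discussed in the comment above, modelled as an added example (not OpenSSH code and not part of the original comment): per RFC 4253 section 7.1, the first name on the client's list that the server also offers is chosen. The algorithm lists, the `hostkey_offer` helper and the scenario names are constructed, simplified assumptions.

```python
# Simplified model of SSH algorithm negotiation (RFC 4253, section 7.1).
# All lists are constructed samples, not real KEXINIT captures.

def negotiate(client_list, server_list):
    """Return the first name on the client's list that the server also
    offers, or None when there is no overlap (the key exchange fails)."""
    return next((name for name in client_list if name in server_list), None)

def hostkey_offer(enabled, loaded_keys):
    """Model assumption: the server advertises a host key algorithm only when
    it is enabled (HostKeyAlgorithms) and a key of that type is loaded
    (HostKey)."""
    return [alg for alg in enabled if alg in loaded_keys]

# Old client: tail of the host key list quoted in the comment, plus its
# MAC preference order (constructed).
CLIENT_HOSTKEYS = ["ssh-rsa", "ssh-dss"]
CLIENT_MACS = ["hmac-md5", "hmac-sha1"]

# Upgraded server (constructed): ssh-dss and hmac-md5 are not enabled by default.
DEFAULT_ENABLED = ["ssh-ed25519", "ecdsa-sha2-nistp256", "ssh-rsa"]
OLD_SERVER_MACS = ["hmac-md5", "hmac-sha1"]
NEW_SERVER_MACS = ["hmac-sha2-256", "hmac-sha1"]

def scenarios():
    dsa_only = {"ssh-dss"}
    all_keys = {"ssh-rsa", "ecdsa-sha2-nistp256", "ssh-ed25519", "ssh-dss"}
    plus_dss = DEFAULT_ENABLED + ["ssh-dss"]  # HostKeyAlgorithms +ssh-dss
    return {
        # Only a DSA key exists and ssh-dss is disabled: empty offer, no match.
        "default algs, DSA key only":
            negotiate(CLIENT_HOSTKEYS, hostkey_offer(DEFAULT_ENABLED, dsa_only)),
        # ssh-dss re-enabled and the DSA key loaded: the old client connects.
        "+ssh-dss, DSA key only":
            negotiate(CLIENT_HOSTKEYS, hostkey_offer(plus_dss, dsa_only)),
        # All four HostKey lines present: the client lists ssh-rsa before
        # ssh-dss, so in this model DSA is offered but not selected.
        "+ssh-dss, all four keys":
            negotiate(CLIENT_HOSTKEYS, hostkey_offer(plus_dss, all_keys)),
        # MAC choice follows the same rule, which is why it changed.
        "MAC, old server": negotiate(CLIENT_MACS, OLD_SERVER_MACS),
        "MAC, new server": negotiate(CLIENT_MACS, NEW_SERVER_MACS),
    }

if __name__ == "__main__":
    for name, chosen in scenarios().items():
        print(f"{name}: {chosen or 'no match, key exchange fails'}")
```
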
