On 2023-08-04 09:58, D. Hugh Redelmeier via talk wrote:
> Recent Fedora systems' SSH client won't access CentOS 6 servers.
>
>         Unable to negotiate with x.y.z.w port 22: no matching host key type
>         found. Their offer: ssh-rsa,ssh-dss
>
> (One should not still be running CentOS 6!)
>
> All my workstations run recent Fedora systems.  How could I access this
> server?

I ran into this also.
I have a client who has a bunch of CentOS 5 systems.
There are also some switches that have issues requiring magical configs.

An example is:

Host    example
        Hostname 11.22.33.44
        port 9922
        PubkeyAcceptedKeyTypes=ssh-rsa,ssh-dss
        IdentityFile ~/.ssh/id_rsa
        HostkeyAlgorithms ssh-rsa
        user root


I believe RHEL9 and possibly 8 have tightened up the ssh requirements also but I can't verify this offhand now.

DSS is considered compromised so it's not being accepted as a protocol.
The older systems also do not accept the newer formats like id_ed25519 so if you have some public/private keys in that format you will need to force ssh to only use the rsa public key.

I have some switches that require things like

        KexAlgorithms=diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
        Ciphers aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,aes256-ctr,aes128-ctr


--
Alvin Starr                   ||   land:  (647)478-6285
Netvel Inc.                   ||   Cell:  (416)806-0133
al...@netvel.net               ||
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
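
An added example, not part of the original post or of OpenSSH: a small audit of an ssh_config that reports which Host blocks enable the older algorithms mentioned above, and whether each setting is scoped to named hosts or applies to every connection. The legacy list, the host name legacy-box and the sample config are assumptions constructed for the illustration.

```python
import re

# Assumption of this example: algorithms from the post treated as legacy.
LEGACY = {
    "hostkeyalgorithms": {"ssh-rsa", "ssh-dss"},
    "pubkeyacceptedkeytypes": {"ssh-rsa", "ssh-dss"},
    "pubkeyacceptedalgorithms": {"ssh-rsa", "ssh-dss"},  # newer name of the same option
    "kexalgorithms": {"diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1"},
}

def is_legacy(keyword, alg):
    return alg.endswith("-cbc") if keyword == "ciphers" else alg in LEGACY.get(keyword, ())

def audit(text):
    """Return (host_patterns, keyword, legacy_algs, applies_to_all_hosts) tuples."""
    findings, patterns = [], ("*",)  # options before any Host line apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts "Keyword value" and "Keyword=value"; keywords ignore case
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1]
        if keyword == "host":
            patterns = tuple(value.split())
            continue
        if value.startswith("-"):  # "-list" removes algorithms from the defaults
            continue
        algs = [a.strip() for a in value.lstrip("+^").split(",")]
        legacy = [a for a in algs if is_legacy(keyword, a)]
        if legacy:
            findings.append((patterns, keyword, legacy, "*" in patterns))
    return findings

# Constructed sample: one scoped block, and the same kind of settings under "Host *".
SAMPLE = """\
Host legacy-box
        Hostname 192.0.2.10
        PubkeyAcceptedKeyTypes=ssh-rsa,ssh-dss
        HostkeyAlgorithms ssh-rsa
Host *
        KexAlgorithms=diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
        Ciphers aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,aes256-ctr,aes128-ctr
"""

if __name__ == "__main__":
    for hosts, keyword, algs, everywhere in audit(SAMPLE):
        print(f"{'ALL HOSTS' if everywhere else 'scoped':9} {' '.join(hosts)}: {keyword} enables {', '.join(algs)}")
```

Findings marked ALL HOSTS are the ones to move into a block for the specific legacy server or switch, so that other connections keep the client's defaults.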
