Re: ssh access not possible: ssh-dss

[Richard Hierlmeier]

When I add -oHostKeyAlgorithms=+ssh-dss to the ssh call it works.

What key? The key of the karaf use in $KARAF_HOME/etc/key.properties? I
have not modify this file.

Richard

2015-09-17 9:14 GMT+02:00 Jean-Baptiste Onofré <j...@nanthrax.net>:

> Hi Richard,
>
> do you use your own key or the one provided by Karaf ?
>
> Do the ssh client support rsa/dsa ?
>
> Regards
> JB
>
> On 09/17/2015 09:07 AM, Richard Hierlmeier wrote:
>
>>
>> Hi,
>>
>> I migrated a karaf 3.0.3 installation from my old windows 7 laptop to a
>> windows 8 laptop.
>> In the new enviroment the ssh connect is no longer working.
>> I get the following error:
>>
>> $ ssh  -p 8101 karaf@localhost
>> Unable to negotiate with 127.0.0.1 <http://127.0.0.1>: no matching host
>>
>> key type found. Their offer: ssh-dss
>>
>> Here is the debug output of ssh:
>>
>> $ ssh -vvv -p 8101 karaf@localhost
>> OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to localhost [::1] port 8101.
>> debug1: connect to address ::1 port 8101: Connection refused
>> debug1: Connecting to localhost [127.0.0.1] port 8101.
>> debug1: Connection established.
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /cygdrive/c/Users/rh/.ssh/id_rsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /cygdrive/c/Users/rh/.ssh/id_rsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /cygdrive/c/Users/rh/.ssh/id_dsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /cygdrive/c/Users/rh/.ssh/id_dsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /cygdrive/c/Users/rh/.ssh/id_ecdsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /cygdrive/c/Users/rh/.ssh/id_ecdsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /cygdrive/c/Users/rh/.ssh/id_ed25519 type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /cygdrive/c/Users/rh/.ssh/id_ed25519-cert type -1
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_7.1
>> debug1: Remote protocol version 2.0, remote software version
>> SSHD-CORE-0.12.0
>> debug1: no match: SSHD-CORE-0.12.0
>> debug2: fd 3 setting O_NONBLOCK
>> debug1: Authenticating to localhost:8101 as 'karaf'
>> debug3: put_host_port: [localhost]:8101
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug2: kex_parse_kexinit: curve25519-sha...@libssh.org
>> <mailto:curve25519-sha...@libssh.org
>> >,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
>> debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-...@openssh.com
>> <mailto:ecdsa-sha2-nistp256-cert-...@openssh.com>,
>> ecdsa-sha2-nistp384-cert-...@openssh.com
>> <mailto:ecdsa-sha2-nistp384-cert-...@openssh.com>,
>> ecdsa-sha2-nistp521-cert-...@openssh.com
>> <mailto:ecdsa-sha2-nistp521-cert-...@openssh.com>,
>> ssh-ed25519-cert-...@openssh.com
>> <mailto:ssh-ed25519-cert-...@openssh.com>,ssh-rsa-cert-...@openssh.com
>> <mailto:ssh-rsa-cert-...@openssh.com
>> >,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa
>> debug2: kex_parse_kexinit: chacha20-poly1...@openssh.com
>> <mailto:chacha20-poly1...@openssh.com>,aes128-ctr,aes192-ctr,aes256-ctr,
>> aes128-...@openssh.com
>> <mailto:aes128-...@openssh.com>,aes256-...@openssh.com
>> <mailto:aes256-...@openssh.com
>> >,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
>> rijndael-...@lysator.liu.se
>> <mailto:rijndael-...@lysator.liu.se>
>> debug2: kex_parse_kexinit: chacha20-poly1...@openssh.com
>> <mailto:chacha20-poly1...@openssh.com>,aes128-ctr,aes192-ctr,aes256-ctr,
>> aes128-...@openssh.com
>> <mailto:aes128-...@openssh.com>,aes256-...@openssh.com
>> <mailto:aes256-...@openssh.com
>> >,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
>> rijndael-...@lysator.liu.se
>> <mailto:rijndael-...@lysator.liu.se>
>> debug2: kex_parse_kexinit: umac-64-...@openssh.com
>> <mailto:umac-64-...@openssh.com>,umac-128-...@openssh.com
>> <mailto:umac-128-...@openssh.com>,hmac-sha2-256-...@openssh.com
>> <mailto:hmac-sha2-256-...@openssh.com>,hmac-sha2-512-...@openssh.com
>> <mailto:hmac-sha2-512-...@openssh.com>,hmac-sha1-...@openssh.com
>> <mailto:hmac-sha1-...@openssh.com>,umac...@openssh.com
>> <mailto:umac...@openssh.com>,umac-...@openssh.com
>> <mailto:umac-...@openssh.com>,hmac-sha2-256,hmac-sha2-512,hmac-sha1,
>> hmac-md5-...@openssh.com
>> <mailto:hmac-md5-...@openssh.com>,hmac-ripemd160-...@openssh.com
>> <mailto:hmac-ripemd160-...@openssh.com>,hmac-sha1-96-...@openssh.com
>> <mailto:hmac-sha1-96-...@openssh.com>,hmac-md5-96-...@openssh.com
>> <mailto:hmac-md5-96-...@openssh.com>,hmac-md5,hmac-ripemd160,
>> hmac-ripemd...@openssh.com
>> <mailto:hmac-ripemd...@openssh.com>,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: umac-64-...@openssh.com
>> <mailto:umac-64-...@openssh.com>,umac-128-...@openssh.com
>> <mailto:umac-128-...@openssh.com>,hmac-sha2-256-...@openssh.com
>> <mailto:hmac-sha2-256-...@openssh.com>,hmac-sha2-512-...@openssh.com
>> <mailto:hmac-sha2-512-...@openssh.com>,hmac-sha1-...@openssh.com
>> <mailto:hmac-sha1-...@openssh.com>,umac...@openssh.com
>> <mailto:umac...@openssh.com>,umac-...@openssh.com
>> <mailto:umac-...@openssh.com>,hmac-sha2-256,hmac-sha2-512,hmac-sha1,
>> hmac-md5-...@openssh.com
>> <mailto:hmac-md5-...@openssh.com>,hmac-ripemd160-...@openssh.com
>> <mailto:hmac-ripemd160-...@openssh.com>,hmac-sha1-96-...@openssh.com
>> <mailto:hmac-sha1-96-...@openssh.com>,hmac-md5-96-...@openssh.com
>> <mailto:hmac-md5-96-...@openssh.com>,hmac-md5,hmac-ripemd160,
>> hmac-ripemd...@openssh.com
>> <mailto:hmac-ripemd...@openssh.com>,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: none,z...@openssh.com
>> <mailto:z...@openssh.com>,zlib
>> debug2: kex_parse_kexinit: none,z...@openssh.com
>> <mailto:z...@openssh.com>,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: kex_parse_kexinit:
>>
>> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-dss
>> debug2: kex_parse_kexinit: aes128-ctr
>> debug2: kex_parse_kexinit: aes128-ctr
>> debug2: kex_parse_kexinit: hmac-sha1
>> debug2: kex_parse_kexinit: hmac-sha1
>> debug2: kex_parse_kexinit: none
>> debug2: kex_parse_kexinit: none
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug1: kex: server->client aes128-ctr hmac-sha1 none
>> debug1: kex: client->server aes128-ctr hmac-sha1 none
>> Unable to negotiate with 127.0.0.1 <http://127.0.0.1>: no matching host
>> key type found. Their offer: ssh-dss
>>
>>
>> What can I do?
>>
>> Richard
>>
>>
>>
>>
>>
>>
> --
> Jean-Baptiste Onofré
> jbono...@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>