Hi all,
I am trying to connect from one server (AlmaLinux 9) via ssh to another Linux server (CentOS 7.6).
In my shell I get the following message:
Unable to negotiate with 192.168.2.19 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
How can I fix this issue?
Thanks in advance
Greetings FK
I have no issues with ssh between AlmaLinux 9 and CentOS 7 (both directions) and I do have ssh & sshd on the default config.
Then again, my CentOS 7 are up to date – 7.9 content.
Some older versions of ssh only offer older keys. You can either put in $HOME/.ssh/config
Host <Hostname or IP>
    HostKeyAlgorithms=ssh-dss
Or do it at command line with
ssh -oHostKeyAlgorithms=ssh-dss <target_name>
In either case it should be considered a temporary fix and ssh on target should
be upgraded as soon as possible.
As root:
update-crypto-policies --show
to show the crypto policies in use.
After that, as root:
update-crypto-policies --set legacy
I have the same issue with a very old Cisco switch.
I was also obliged to increase the RSA key of the switch to a minimum of 2048.
See here for a complete explanation between Red Hat 7 & Red Hat 9:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening
Warning: Switching to the LEGACY policy level results in a less secure system and applications.
I also got the same with the SFTP implementations of the new Cisco CUCM software.
Strange behavior
Normal sftp is just FTP over ssh. So if the negotiation failed with ssh, it will also fail in sftp.
Hi,
You can test:
Option 1: In AlmaLinux 9, execute:
update-crypto-policies --set DEFAULT:SHA1
reboot
Option 2: In AlmaLinux 9, add the following config:
RSAMinSize 1024
PubkeyAcceptedKeyTypes +ssh-rsa
In file:
/etc/crypto-policies/back-ends/opensshserver.config
reboot
Thanks a lot, it works now.
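Added example, not part of any post in this thread: a shell function that turns the error message from the question into a Host block for $HOME/.ssh/config, so the legacy host key algorithm is re-enabled for that one server rather than system-wide. The function name and the choice to skip ssh-dss when something else is offered are assumptions of this example; on AlmaLinux 9 the system crypto policy may still reject SHA-1 signatures, which is what the DEFAULT:SHA1 option above addresses.

```sh
#!/bin/sh
# Added example (not from the thread): build a per-host ssh_config stanza
# from an OpenSSH "no matching host key type" error line.

# Constructed sample input: the error message quoted in the question.
SAMPLE_ERR='Unable to negotiate with 192.168.2.19 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss'

# legacy_host_stanza ERROR_LINE  (hypothetical helper name)
# Prints a Host block that re-enables one offered host key algorithm for
# that host only. Returns 1 if the line is not the expected error, and
# 2 if the server offers nothing except ssh-dss.
legacy_host_stanza() {
    line=$1
    case $line in
        "Unable to negotiate with "*"no matching host key type found. Their offer: "*) ;;
        *) echo "not a host key negotiation error" >&2; return 1 ;;
    esac

    # Host is the 5th word; the offer is everything after "Their offer: ".
    host=$(printf '%s\n' "$line" | awk '{print $5}')
    offer=${line##*Their offer: }

    chosen=
    old_ifs=$IFS; IFS=,
    for alg in $offer; do
        # Choice made for this example: never select DSA (ssh-dss).
        [ "$alg" = "ssh-dss" ] && continue
        chosen=$alg
        break
    done
    IFS=$old_ifs

    if [ -z "$chosen" ]; then
        echo "$host offers only ssh-dss; upgrade sshd on the target" >&2
        return 2
    fi

    # "+" appends to the client's default list instead of replacing it.
    printf 'Host %s\n    HostKeyAlgorithms +%s\n' "$host" "$chosen"
}

legacy_host_stanza "$SAMPLE_ERR"
```

Running `ssh -G <host>` afterwards shows the effective `hostkeyalgorithms` value the client will use for that host.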