On 2023-08-04 09:58, D. Hugh Redelmeier via talk wrote:
Recent Fedora systems' SSH client won't access CentOS 6 servers.
Unable to negotiate with x.y.z.w port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
(One should not still be running CentOS 6!)
All my workstations run recent Fedora systems. How could I access this server?
I ran intothis also. I have a client who has a bunch of Centos5 systems. There are also some switches that have issues requiring magical configs. An example is: Host exapmple Hostname 11.22.33.44 port 9922 PubkeyAcceptedKeyTypes=ssh-rsa,ssh-dss IdentityFile ~/.ssh/id_rsa HostkeyAlgorithms ssh-rsa user root I believe RHEL9 and possibly 8 have tightened up the ssh requirements also but I can't verify this offhand now. DSS is considered compromised so its not being accepted as a protocol. The older systems also do not accept the newer formats like id_ed25519 so if you have some public/private keys in that format you will need to force ssh to only use the rsa public key. I have some switches that require things like KexAlgorithms=diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 Ciphers aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,aes256-ctr,aes128-ctr -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||