Difference between revisions of "Rocky 8.x SSH client Connecting to old network devices with legacy protocols and ciphers"


Latest revision as of 14:01, 22 July 2023

If, while connecting to a network device (e.g. a TP-Link AP or switch), you get an error similar to one of the following:

    Unable to negotiate with 192.168.4.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

    Unable to negotiate with 192.168.4.11 port 22: no matching host key type found. Their offer: ssh-dss

    Unable to negotiate with 192.168.4.11 port 22: no matching cipher found. Their offer: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc

then the issue can be solved by using:

    ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -c aes256-cbc <username>@<fqdn-or-ip>

where each option addresses one of the errors listed above: -oKexAlgorithms for the key exchange method, -oHostKeyAlgorithms for the host key type, and -c for the cipher.


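Refer:

* https://askubuntu.com/questions/836048/ssh-returns-no-matching-host-key-type-found-their-offer-ssh-dss
* https://community.cisco.com/t5/network-management/no-matching-key-exchange-method-found-their-offer-diffie-hellman/td-p/4410107
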
Enabling ssh-rsa on modern SSH client

On more modern SSH clients, the ssh-rsa host key algorithm may not be enabled by default. To connect to legacy SSH servers that use ssh-rsa, enable it by editing '~/.ssh/config' with:

    Host *
        HostKeyAlgorithms +ssh-rsa
        PubkeyAcceptedKeyTypes +ssh-rsa
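
A narrower alternative to 'Host *', as an added example that is not part of the original page: the script below reads the negotiation errors quoted earlier and prints a '~/.ssh/config' stanza that enables one legacy algorithm per failed negotiation, for that host only. The function names and the cipher preference order are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): build a host-scoped ssh_config
# stanza from "Unable to negotiate" errors instead of relaxing "Host *".

# Sample input: the three error lines quoted on this page.
SAMPLE_ERRORS='Unable to negotiate with 192.168.4.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Unable to negotiate with 192.168.4.11 port 22: no matching host key type found. Their offer: ssh-dss
Unable to negotiate with 192.168.4.11 port 22: no matching cipher found. Their offer: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc'

# pick_one OFFER [PREFERRED...]: print the first preferred name present in the
# comma-separated OFFER, or the first offered name if none is preferred.
# (Hypothetical helper; the preference order passed in is an assumption.)
pick_one() {
    local offer="$1" want
    shift
    for want in "$@"; do
        case ",$offer," in *",$want,"*) printf '%s' "$want"; return 0 ;; esac
    done
    printf '%s' "${offer%%,*}"
}

# legacy_stanza HOST: read ssh error lines on stdin and print a Host block that
# enables one legacy algorithm per failed negotiation, for HOST only.
legacy_stanza() {
    local host="$1" line offer kex="" hostkey="" cipher=""
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *"Their offer: "*) ;; *) continue ;; esac
        offer=${line##*Their offer: }
        case $line in
            *"no matching key exchange method"*) kex=$(pick_one "$offer") ;;
            *"no matching host key type"*) hostkey=$(pick_one "$offer") ;;
            *"no matching cipher"*)
                cipher=$(pick_one "$offer" aes256-cbc aes192-cbc aes128-cbc) ;;
        esac
    done
    printf 'Host %s\n' "$host"
    if [ -n "$kex" ]; then printf '    KexAlgorithms +%s\n' "$kex"; fi
    if [ -n "$hostkey" ]; then printf '    HostKeyAlgorithms +%s\n' "$hostkey"; fi
    if [ -n "$cipher" ]; then printf '    Ciphers +%s\n' "$cipher"; fi
}

# Usage: printf '%s\n' "$SAMPLE_ERRORS" | legacy_stanza 192.168.4.11
```

Review the printed stanza before appending it to '~/.ssh/config'.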

Refer:

* https://askubuntu.com/questions/836048/ssh-returns-no-matching-host-key-type-found-their-offer-ssh-dss