Rocky 8.x SSH client Connecting to old network devices with legacy protocols and ciphers

From Notes_Wiki
Revision as of 14:01, 22 July 2023 by Saurabh (talk | contribs)

Home > Rocky Linux or CentOS > Rocky Linux 8.x > System Administration > SSH client > Connecting to old network devices with legacy protocols and ciphers

If, while connecting to a network device (e.g. a TP-Link AP or switch), you get an error similar to one of the following:

Unable to negotiate with 192.168.4.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Unable to negotiate with 192.168.4.11 port 22: no matching host key type found. Their offer: ssh-dss

Unable to negotiate with 192.168.4.11 port 22: no matching cipher found. Their offer: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc

then the issue can be solved by using:

    ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -c aes256-cbc <username>@<fqdn-or-ip>

where each option addresses one of the errors listed above: -oKexAlgorithms re-enables the key exchange method the device offered, -oHostKeyAlgorithms re-enables its host key type, and -c selects one of the ciphers it offered.

Enabling ssh-rsa on modern SSH client

With more modern SSH clients the ssh-rsa host key algorithm may not be enabled by default. To connect to legacy SSH servers that only support ssh-rsa, enable it by adding the following to '~/.ssh/config':

    Host *
        HostKeyAlgorithms +ssh-rsa
        PubkeyAcceptedKeyTypes +ssh-rsa
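The following shell script is an added example, not part of the original page. It takes the "Unable to negotiate" error lines shown above and generates a '~/.ssh/config' stanza scoped to that one host, so the legacy key exchange, host key type and cipher are re-enabled only for the old device and every other connection keeps the client's default algorithm set. The error lines and the host 192.168.4.11 are the constructed samples from the page.

```shell
#!/bin/sh
# Map one "Unable to negotiate ..." line from ssh to the ssh_config option
# that re-enables exactly the legacy algorithm the device offered.
legacy_option_for() {
    offer=${1##*"Their offer: "}   # text after "Their offer: "
    first=${offer%%,*}             # first algorithm in the offer list
    case "$1" in
        *"no matching key exchange method"*)
            echo "    KexAlgorithms +$first" ;;
        *"no matching host key type"*)
            echo "    HostKeyAlgorithms +$first" ;;
        *"no matching cipher"*)
            # prefer aes256-cbc when offered, as the page's -c example does
            case ",$offer," in
                *,aes256-cbc,*) echo "    Ciphers +aes256-cbc" ;;
                *)              echo "    Ciphers +$first" ;;
            esac ;;
        *) return 1 ;;   # not a negotiation error we know how to handle
    esac
}

# Print a per-host stanza (rather than "Host *") from a host and its errors.
legacy_stanza() {
    host=$1; shift
    printf 'Host %s\n' "$host"
    for line in "$@"; do
        legacy_option_for "$line" || return 1
    done
}

# Constructed sample errors, as listed on the page above.
legacy_stanza 192.168.4.11 \
  "Unable to negotiate with 192.168.4.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1" \
  "Unable to negotiate with 192.168.4.11 port 22: no matching host key type found. Their offer: ssh-dss" \
  "Unable to negotiate with 192.168.4.11 port 22: no matching cipher found. Their offer: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc"
```

Append the printed stanza to '~/.ssh/config'; a plain 'ssh <username>@192.168.4.11' then picks up the legacy options without passing them on the command line.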
