Rocky 8.x SSH client Connecting to old network devices with legacy protocols and ciphers
If, while connecting to a network device (e.g. a TP-Link AP or switch), you get errors similar to one of the following:
Unable to negotiate with 192.168.4.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Unable to negotiate with 192.168.4.11 port 22: no matching host key type found. Their offer: ssh-dss
Unable to negotiate with 192.168.4.11 port 22: no matching cipher found. Their offer: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
then the issue can be solved by using:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -c aes256-cbc <username>@<fqdn-or-ip>
where each option addresses one of the errors listed above: -oKexAlgorithms for the key exchange method error, -oHostKeyAlgorithms for the host key type error, and -c for the cipher error.
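An added example, not from the original page: instead of retyping the options, the errors above can be turned into a ~/.ssh/config stanza scoped to the one device, so the legacy algorithms are not enabled for any other host. The function names, the preference order among offered algorithms and the sample input are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): build a per-host ssh_config
# stanza from ssh "Unable to negotiate" errors.

# pick_first OFFER PREFS: print the first name in PREFS (space-separated,
# strongest first; the ordering is this example's assumption) that also
# appears in the comma-separated OFFER.
pick_first() {
    for want in $2; do
        case ",$1," in
            *",$want,"*) printf '%s\n' "$want"; return 0 ;;
        esac
    done
    return 1
}

# legacy_ssh_stanza: read ssh error text on stdin, print a Host stanza.
legacy_ssh_stanza() {
    host='' kex='' hostkey='' cipher=''
    while IFS= read -r line; do
        case $line in
            "Unable to negotiate with "*"Their offer: "*) ;;
            *) continue ;;   # not a negotiation error, skip it
        esac
        rest=${line#"Unable to negotiate with "}
        host=${rest%% *}
        offer=${line##*"Their offer: "}
        case $line in
            *"no matching key exchange method"*)
                kex=$(pick_first "$offer" "diffie-hellman-group14-sha1 diffie-hellman-group1-sha1") || true ;;
            *"no matching host key type"*)
                hostkey=$(pick_first "$offer" "ssh-rsa ssh-dss") || true ;;
            *"no matching cipher"*)
                cipher=$(pick_first "$offer" "aes256-cbc aes192-cbc aes128-cbc 3des-cbc") || true ;;
        esac
    done
    [ -n "$host" ] || return 1
    printf 'Host %s\n' "$host"
    [ -z "$kex" ] || printf '    KexAlgorithms +%s\n' "$kex"
    [ -z "$hostkey" ] || printf '    HostKeyAlgorithms +%s\n' "$hostkey"
    [ -z "$cipher" ] || printf '    Ciphers +%s\n' "$cipher"
}

# Constructed sample input, using the three messages quoted on this page.
SAMPLE_ERRORS='Unable to negotiate with 192.168.4.11 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Unable to negotiate with 192.168.4.11 port 22: no matching host key type found. Their offer: ssh-dss
Unable to negotiate with 192.168.4.11 port 22: no matching cipher found. Their offer: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc'
printf '%s\n' "$SAMPLE_ERRORS" | legacy_ssh_stanza
```

The printed stanza can be appended to ~/.ssh/config. The Host pattern matches the name or address typed on the ssh command line, so it applies only when connecting to that device.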
Refer:
- https://askubuntu.com/questions/836048/ssh-returns-no-matching-host-key-type-found-their-offer-ssh-dss
- https://community.cisco.com/t5/network-management/no-matching-key-exchange-method-found-their-offer-diffie-hellman/td-p/4410107
Enabling ssh-rsa on modern SSH client
In more modern SSH clients, the ssh-rsa host key algorithm may not be enabled by default. To connect to legacy SSH servers that use ssh-rsa, enable it by editing '~/.ssh/config' with:
Host *
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa
Refer: