SSH Legacy
Old cryptographic standards and what to do about them
no matching host key type
Something like:
Unable to negotiate with ... port 22: no matching host key type found. Their offer: ssh-rsa
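Allow the ssh-rsa host key type with HostKeyAlgorithms; PubkeyAcceptedKeyTypes is only needed if your own login key is also ssh-rsa:
ssh -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa HOST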
error in libcrypto
Something like:
ssh_dispatch_run_fatal: Connection to ... port 22: error in libcrypto
This most likely means the server still uses old SHA-1 algorithms. You need to configure your ssh client and create a modified OpenSSL config.
In ~/.ssh/config:
Host legacy
    KexAlgorithms +diffie-hellman-group14-sha1
    MACs +hmac-sha1
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
Create an OpenSSL config, my-openssl.cnf:
.include /etc/ssl/openssl.cnf
[openssl_init]
alg_section = evp_properties
[evp_properties]
rh-allow-sha1-signatures = yes
And now use it:
OPENSSL_CONF=my-openssl.cnf ssh legacy
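To keep the legacy settings as narrow as possible, the following added example (not part of the original page) reads ssh's "Unable to negotiate" errors and prints a Host block that enables only the strongest legacy algorithm the server offered. It goes slightly beyond the host key case above by also handling the key exchange and MAC variants of the message; the function names, preference lists and sample lines are assumptions of this example.

```shell
#!/bin/sh
# Preference lists, strongest first (this example's assumption).
# ssh-dss is deliberately left out: recent OpenSSH builds no longer support it.
PREF_HOSTKEY="ssh-rsa"
PREF_KEX="diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1"
PREF_MAC="hmac-sha1 hmac-sha1-96 hmac-md5 hmac-md5-96"

# pick PREFS OFFER: print the first algorithm in PREFS that appears in the
# comma-separated OFFER; return non-zero if none does.
pick() {
    for want in $1; do
        case ",$2," in
            *",$want,"*) printf '%s\n' "$want"; return 0 ;;
        esac
    done
    return 1
}

# legacy_host_block ALIAS: read ssh error lines on stdin and print a
# Host block for ALIAS with one "+algorithm" line per failed negotiation.
legacy_host_block() {
    printf 'Host %s\n' "$1"
    while IFS= read -r line; do
        case $line in
            *"no matching host key type found. Their offer: "*)
                key=HostKeyAlgorithms prefs=$PREF_HOSTKEY ;;
            *"no matching key exchange method found. Their offer: "*)
                key=KexAlgorithms prefs=$PREF_KEX ;;
            *"no matching MAC found. Their offer: "*)
                key=MACs prefs=$PREF_MAC ;;
            *) continue ;;   # not a negotiation error, ignore
        esac
        offer=${line##*Their offer: }
        if algo=$(pick "$prefs" "$offer"); then
            printf '    %s +%s\n' "$key" "$algo"
        else
            printf '    # %s: nothing recognised in offer "%s"\n' "$key" "$offer"
        fi
    done
}

# Constructed sample: errors collected from successive attempts against one host.
SAMPLE='Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
Unable to negotiate with 192.0.2.10 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
Unable to negotiate with 192.0.2.10 port 22: no matching MAC found. Their offer: hmac-md5,hmac-sha1'
printf '%s\n' "$SAMPLE" | legacy_host_block legacy
```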
--
ChristophHandel - 10 Jan 2023