
SSH Legacy

Old cryptographic standards and what to do about them

no matching host key type

something like
Unable to negotiate with ... port 22: no matching host key type found. Their offer: ssh-rsa

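allow the key type (HostKeyAlgorithms covers the server's host key, PubkeyAcceptedKeyTypes covers your own user key)
ssh -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa HOST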

error in libcrypto

something like
ssh_dispatch_run_fatal: Connection to ... port 22: error in libcrypto

This most likely means the server still uses old SHA-1 signatures. You need to configure your SSH client and create a modified OpenSSL config.

in .ssh/config
Host legacy
  KexAlgorithms +diffie-hellman-group14-sha1
  MACs +hmac-sha1
  HostKeyAlgorithms +ssh-rsa
  PubkeyAcceptedKeyTypes +ssh-rsa
  PubkeyAcceptedAlgorithms +ssh-rsa

create an OpenSSL config my-openssl.cnf
.include /etc/ssl/openssl.cnf
[openssl_init]
alg_section = evp_properties
[evp_properties]
rh-allow-sha1-signatures = yes

and now use it
OPENSSL_CONF=my-openssl.cnf ssh legacy

-- ChristophHandel - 10 Jan 2023
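
Added example, not part of the original page: a small Python check that lists every SHA-1 algorithm an ssh_config file enables and flags any that apply to a wildcard Host pattern instead of one named host such as legacy above. The function names and the sample config are constructed for illustration; Match blocks and Include files are not handled.

```python
import re

ALGO_OPTIONS = {"kexalgorithms", "macs", "hostkeyalgorithms",
                "pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms"}

def is_sha1(algo):
    """True for algorithm names that depend on SHA-1."""
    return algo in ("ssh-rsa", "ssh-rsa-cert-v01@openssh.com") or "sha1" in algo

def audit_ssh_config(text):
    """Return a list of (host_patterns, option, algorithm, too_broad) for
    every SHA-1 algorithm that the config text enables."""
    findings = []
    patterns = ("*",)  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Key value" and "Key=value"
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            patterns = tuple(value.split())
        elif key in ALGO_OPTIONS and not value.startswith("-"):
            # "+" appends, "^" prepends, no prefix replaces the default list;
            # "-" only removes algorithms, so it is skipped above
            broad = any("*" in p or "?" in p for p in patterns)
            for algo in value.lstrip("+^").split(","):
                if is_sha1(algo.strip()):
                    findings.append((patterns, parts[0], algo.strip(), broad))
    return findings

# Constructed sample: the page's "Host legacy" block plus a wildcard block
SAMPLE = """\
Host legacy
  KexAlgorithms +diffie-hellman-group14-sha1
  MACs +hmac-sha1
  HostKeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms +ssh-rsa

Host *
  HostKeyAlgorithms=+ssh-rsa,ssh-ed25519
"""

if __name__ == "__main__":
    for patterns, option, algo, broad in audit_ssh_config(SAMPLE):
        scope = "ALL HOSTS" if broad else "scoped"
        print(f"{' '.join(patterns):10} {option:26} {algo:30} {scope}")
```

To check a real file, pass the contents of ~/.ssh/config to audit_ssh_config instead of SAMPLE.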
Topic revision: r3 - 14 Mar 2023, ChristophHandel