doc:appunti:linux:sa:ssh_config
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| doc:appunti:linux:sa:ssh_config [2022/02/15 18:08] – created niccolo | doc:appunti:linux:sa:ssh_config [2022/02/28 18:23] (current) – ["no matching host key type" and "no mutual signature algorithm"] niccolo | ||
|---|---|---|---|
| Line 18: | Line 18: | ||
| KexAlgorithms +diffie-hellman-group1-sha1 | KexAlgorithms +diffie-hellman-group1-sha1 | ||
| </ | </ | ||
| + | |||
| + | This will force the use of **diffie-hellman-group1-sha1** key exchange method, which is considered less secure nowday. | ||
| + | |||
| + | ===== "no matching host key type" and "no mutual signature algorithm" | ||
| + | |||
| + | Problem connecting from an Android environment with **Termux version 0.118.0** (February 2022) to an old **Debian 6 Squeeze**: | ||
| + | |||
| + | < | ||
| + | Unable to negotiate with 192.168.0.250 port 22: | ||
| + | no matching host key type found. Their offer: ssh-rsa, | ||
| + | </ | ||
| + | |||
| + | So the first option to add is **HostKeyAlgorithms**, | ||
| + | |||
| + | < | ||
| + | debug1: send_pubkey_test: | ||
| + | debug1: No more authentication methods to try. | ||
| + | root@192.168.0.250: | ||
| + | </ | ||
| + | |||
| + | So also the **PubkeyAcceptedKeyTypes** is required: | ||
| + | |||
| + | < | ||
| + | ssh -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa root@192.168.0.250 | ||
| + | </ | ||
doc/appunti/linux/sa/ssh_config.1644944911.txt.gz · Last modified: by niccolo