
Netrocks: no match for method server host key algo

Open dmstek opened this issue 3 years ago • 5 comments

When trying to connect to the host, it says:

Connection - kex error : no match for method server host key algo: server [ssh-rsa,ssh-dss], client [ssh-ed25519,ecdsa

Did not find a way to add an algo for this host in Netrocks, that is, to do what you do for ssh in .ssh/config, like:

HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa

dmstek avatar Sep 25 '22 19:09 dmstek

so try to enable checkbox Use OpenSSH configuration files in [ Protocol options ]

elfmz avatar Sep 25 '22 19:09 elfmz

> so try to enable checkbox Use OpenSSH configuration files in [ Protocol options ]

Yes, it was the first thing I tried.

sftp [email protected] from the command line works, but the same from Netrocks does not, even though the checkbox "Use OpenSSH configuration files" is checked.

dmstek avatar Sep 25 '22 20:09 dmstek

It would be useful if you could tell how to force an OpenSSH server to use (only) ssh-rsa, or maybe what ssh server to use for that. Specifying HostkeyAlgorithms ssh-rsa in sshd_config doesn't seem to have changed anything.

elfmz avatar Sep 25 '22 20:09 elfmz

> It would be useful if you could tell how to force an OpenSSH server to use (only) ssh-rsa, or maybe what ssh server to use for that. Specifying HostkeyAlgorithms ssh-rsa in sshd_config doesn't seem to have changed anything.

But we do not need to force ssh server to use rsa, we need to force ssh client to use rsa.

You have to put in /home/user/.ssh/config this content

Host 192.168.1.7
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

In this case it will use rsa.

So basically without it will be this:

ssh [email protected]
Unable to negotiate with 192.168.1.7 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

When you include it will be working:

ssh [email protected]
[email protected]'s password: 

dmstek avatar Sep 25 '22 21:09 dmstek

Ah, sorry, I got it, you want to test so you want to restrict. Just install old version like OpenSSH_6.7p1, OpenSSL 0.9.8zg 11 Jun 2015 in virtual box and that will do it.

http://ftp.debian.org/debian/pool/main/o/openssh/?C=M;O=A

dmstek avatar Sep 25 '22 21:09 dmstek

There was a bunch of research and changes around this, so a small summary:

1. ssh_config is really parsed by libssh; furthermore, it appeared that it was parsed regardless of the option 'Use OpenSSH configuration files'. BUT libssh has limited support for the OpenSSH config format; for instance, it doesn't understand '+ssh-rsa' but understands simple 'ssh-rsa'.
2. NetRocks options were extended, so now it's possible to specify per site either a specific config file or the supported hostkeys explicitly.

So it seems it can be closed now. Please check if it's OK for you now.

elfmz avatar Jan 22 '23 18:01 elfmz
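
The behaviour summarised in the comment above, as an added example that is not part of the original thread and is not NetRocks or libssh code: a simplified model of host key algorithm negotiation, showing why '+ssh-rsa' connects when the parser implements the OpenSSH list modifiers and fails when the value is read as a literal list. The client default list, the function names and the literal-parser model are assumptions made for illustration.

```python
# Added example: simplified host key algorithm negotiation (RFC 4253, 7.1)
# and the ssh_config list modifiers. Function names are hypothetical.

# Constructed client defaults; not the (truncated) list from the error above.
CLIENT_DEFAULTS = ["ssh-ed25519", "ecdsa-sha2-nistp256", "rsa-sha2-512"]
# Server offer as quoted in the thread's error message.
SERVER_OFFER = ["ssh-rsa", "ssh-dss"]


def expand_openssh(value, defaults):
    """OpenSSH semantics: '+' appends, '-' removes, '^' puts first,
    no prefix replaces the defaults (wildcard patterns are not modelled)."""
    prefix = value[0] if value[:1] in ("+", "-", "^") else ""
    names = [n for n in value[len(prefix):].split(",") if n]
    if prefix == "+":
        return defaults + [n for n in names if n not in defaults]
    if prefix == "-":
        return [d for d in defaults if d not in names]
    if prefix == "^":
        return names + [d for d in defaults if d not in names]
    return names


def expand_literal(value, defaults):
    """Assumed model of a parser without modifier support: the value is a
    plain list, so '+ssh-rsa' is kept as one unknown algorithm name."""
    return [n for n in value.split(",") if n]


def negotiate(client, server):
    """Pick the first algorithm in the client's list the server also offers."""
    return next((name for name in client if name in server), None)


if __name__ == "__main__":
    for parser in (expand_openssh, expand_literal):
        for value in ("+ssh-rsa", "ssh-rsa"):
            client = parser(value, CLIENT_DEFAULTS)
            print(parser.__name__, value, client, "->",
                  negotiate(client, SERVER_OFFER))
```

A value without a prefix replaces the whole algorithm list, so it is best kept scoped to the one legacy host, as the Host block earlier in the thread does.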

closing bug as probably resolved, if still not possible to connect - reopen

elfmz avatar Jan 28 '23 23:01 elfmz