We use Linux clients with ssh2 and they all have OpenSSH 7.0 or newer. When connecting to our EXOS switches we get this error:
Unable to negotiate with x.x.x.x port 22: no matching
host key type found. Their offer: ssh-dss
The switches use XOS 16.1.x and I have also tested with 16.2. Same result!
OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm. It is week and not recommended.
Because of this we need to disable ssh-dss on the switches but is it possible? I know that more ssh2 variables can be changed and configured in XOS 21.1 and when using 21.1 we don't get the error about ssh-dss. Great, but I have very few G2 switches so I have to stick with 16.x for a long time.
Ssh2 Secure mode have also been tested but it didn't solve the problem with ssh-dss.
Have anybody else any experience with this on XOS 16.2 or lower versions?