cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to negotiate ssh2 key algorithm

Unable to negotiate ssh2 key algorithm

lhuso
New Contributor II
We use Linux clients with ssh2 and they all have OpenSSH 7.0 or newer. When connecting to our EXOS switches we get this error:

Unable to negotiate with x.x.x.x port 22: no matching
host key type found. Their offer: ssh-dss

The switches use XOS 16.1.x and I have also tested with 16.2. Same result!

OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm. It is week and not recommended.
Because of this we need to disable ssh-dss on the switches but is it possible? I know that more ssh2 variables can be changed and configured in XOS 21.1 and when using 21.1 we don't get the error about ssh-dss. Great, but I have very few G2 switches so I have to stick with 16.x for a long time.

Ssh2 Secure mode have also been tested but it didn't solve the problem with ssh-dss.

Have anybody else any experience with this on XOS 16.2 or lower versions?
6 REPLIES 6

Necheporenko__N
Extreme Employee
Hello lhuso,

Put next lines into your client's ssh config file "~/.ssh/config"

Host
HostKeyAlgorithms +ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1

Best Regards,
Nikolay

Baskar
Extreme Employee
I Belive configuring ssh will help us to resolve the issue (configure ssh2 key), because 16.2 has backward compatibility to DSA.
please let me know above one helped to resolve the issue.

lhuso
New Contributor II
But we get the same error in 16.2 even if we use Secure mode!

Baskar
Extreme Employee
As I said ExtremeXOS 16.1 and earlier versions using DSA, the later versions like 16.2 and 21.1 ExtremXOS generates more secure using RSA keys.

thank you

GTM-P2G8KFN