Unable to negotiate ssh2 key algorithm
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-22-2016 10:13 AM
We use Linux clients with ssh2 and they all have OpenSSH 7.0 or newer. When connecting to our EXOS switches we get this error:
Unable to negotiate with x.x.x.x port 22: no matching
host key type found. Their offer: ssh-dss
The switches use XOS 16.1.x and I have also tested with 16.2. Same result!
OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm. It is week and not recommended.
Because of this we need to disable ssh-dss on the switches but is it possible? I know that more ssh2 variables can be changed and configured in XOS 21.1 and when using 21.1 we don't get the error about ssh-dss. Great, but I have very few G2 switches so I have to stick with 16.x for a long time.
Ssh2 Secure mode have also been tested but it didn't solve the problem with ssh-dss.
Have anybody else any experience with this on XOS 16.2 or lower versions?
Unable to negotiate with x.x.x.x port 22: no matching
host key type found. Their offer: ssh-dss
The switches use XOS 16.1.x and I have also tested with 16.2. Same result!
OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm. It is week and not recommended.
Because of this we need to disable ssh-dss on the switches but is it possible? I know that more ssh2 variables can be changed and configured in XOS 21.1 and when using 21.1 we don't get the error about ssh-dss. Great, but I have very few G2 switches so I have to stick with 16.x for a long time.
Ssh2 Secure mode have also been tested but it didn't solve the problem with ssh-dss.
Have anybody else any experience with this on XOS 16.2 or lower versions?
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-23-2016 09:42 AM
Hello lhuso,
Put next lines into your client's ssh config file "~/.ssh/config"
Host
HostKeyAlgorithms +ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1
Best Regards,
Nikolay
Put next lines into your client's ssh config file "~/.ssh/config"
Host
HostKeyAlgorithms +ssh-dss
KexAlgorithms +diffie-hellman-group1-sha1
Best Regards,
Nikolay
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-23-2016 06:07 AM
I Belive configuring ssh will help us to resolve the issue (configure ssh2 key), because 16.2 has backward compatibility to DSA.
please let me know above one helped to resolve the issue.
please let me know above one helped to resolve the issue.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-22-2016 01:17 PM
But we get the same error in 16.2 even if we use Secure mode!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-22-2016 01:12 PM
As I said ExtremeXOS 16.1 and earlier versions using DSA, the later versions like 16.2 and 21.1 ExtremXOS generates more secure using RSA keys.
thank you
thank you
