OpenSSL – ssh to legacy systems
Unable to negotiate with 192.168.100.18 port 22: no matching host key type found. Their offer: ssh-dss
Then you add the option:
ssh -oHostKeyAlgorithms=+ssh-dss
...and you get another error...
Unable to negotiate with 192.168.100.18 port 22:
no matching cipher found. Their offer:
aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc
Then you add more options, you get more errors, and so on...
This fixes all SSH login negotiation errors by adding all the outdated algorithms. (There are reasons why these protocols were removed. Use it with caution and DO NOT USE IN PRODUCTION.)
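# Append every algorithm this client supports (ssh -Q lists them) to the
# end of ~/.ssh/config. If the file already ends in a Host block, the new
# lines become part of that block.
{
echo -n 'Ciphers '
ssh -Q cipher | tr '\n' ',' | sed -e 's/,$//'; echo
echo -n 'MACs '
ssh -Q mac | tr '\n' ',' | sed -e 's/,$//'; echo
echo -n 'HostKeyAlgorithms '
ssh -Q key | tr '\n' ',' | sed -e 's/,$//'; echo
echo -n 'KexAlgorithms '
ssh -Q kex | tr '\n' ',' | sed -e 's/,$//'; echo
} >> ~/.ssh/config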
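A narrower alternative to enabling everything globally, as an added example that is not from the original post: it reads the "Unable to negotiate" errors shown above and prints a stanza for one host that re-enables only what that server offered and this client still supports. The function names and the SSH_BIN override are assumptions of this example, and each error is expected on a single line, as ssh prints it.

```shell
#!/bin/sh
# Added example (not from the original post). Reads OpenSSH "Unable to
# negotiate" errors on stdin and prints a config stanza for ONE host that
# enables only the algorithms that server offered and this client still has.
SSH_BIN=${SSH_BIN:-ssh}   # assumption: overridable so the logic can be tested

# Map the error wording to "<ssh_config keyword> <ssh -Q query>".
classify() {
    case "$1" in
        *"no matching host key type found"*)       echo "HostKeyAlgorithms key" ;;
        *"no matching cipher found"*)              echo "Ciphers cipher" ;;
        *"no matching MAC found"*)                 echo "MACs mac" ;;
        *"no matching key exchange method found"*) echo "KexAlgorithms kex" ;;
        *) return 1 ;;
    esac
}

# Keep only the names in the comma list $2 that "ssh -Q $1" reports.
usable() {
    have=$("$SSH_BIN" -Q "$1" </dev/null)
    out=
    for alg in $(printf '%s' "$2" | tr ',' ' '); do
        if printf '%s\n' "$have" | grep -qxF -- "$alg"; then
            out="${out:+$out,}$alg"
        fi
    done
    printf '%s' "$out"
}

# Usage: legacy_stanza 192.168.100.18 < errors.txt
legacy_stanza() {
    printf 'Host %s\n' "$1"
    while IFS= read -r line || [ -n "$line" ]; do
        pair=$(classify "$line") || continue
        keyword=${pair% *}; query=${pair#* }
        offer=${line##*Their offer: }
        algs=$(usable "$query" "$offer")
        if [ -n "$algs" ]; then
            printf '    %s +%s\n' "$keyword" "$algs"
        else
            printf '    # %s: nothing offered is supported by this client\n' "$keyword"
        fi
    done
}
```

Place the printed stanza above any `Host *` block in ~/.ssh/config so the legacy algorithms stay limited to that one host.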