OpenSSL – ssh to legacy systems

Unable to negotiate with 192.168.100.18 port 22: no matching host key type found. Their offer: ssh-dss

# Then you add option #

ssh -oHostKeyAlgorithms=+ssh-dss 

...and you got another error...
Unable to negotiate with 192.168.100.18 port 22:
no matching cipher found. Their offer:
aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc

then you add more options,.. you got more errors...and so on...

This fix all SSH login negotiation errors by adding all outdated alogorithams. (there are reasons why this protocols are removed. Use it with caution and DO NOT USE IN PRODUCTION)

{
echo -n 'Ciphers '
ssh -Q cipher | tr '\n' ',' | sed -e 's/,$//'; echo

echo -n 'MACs '
ssh -Q mac | tr '\n' ',' | sed -e 's/,$//'; echo

echo -n 'HostKeyAlgorithms '
ssh -Q key | tr '\n' ',' | sed -e 's/,$//'; echo

echo -n 'KexAlgorithms '
ssh -Q kex | tr '\n' ',' | sed -e 's/,$//'; echo

} >> ~/.ssh/config

Leave a Reply

Your email address will not be published.

Posted by: lesorsier on

Tags: , , ,

seo reseller