You are not logged in.
- Topics: Active | Unanswered
#1 2024-07-01 20:06:52
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,673
- Website
Legacy key types openssh-9.8p1-1 does not work as advertised [solved]
I am trying and failiing to use a legacy host key algorithm with ssh after updating to openssh-9.8p1-1. The upstream Changelog references this document which advises connecting like this but I get the following error:
% ssh -oHostKeyAlgorithms=+ssh-dss -i ~/.ssh/godaddy myuser@my.godaddy.host.com
command-line line 0: Bad key types '+ssh-dss'.Yet the godaddy host offers ssh-dss:
% ssh -i ~/.ssh/godaddy myuser@my.godaddy.host.com
Unable to negotiate with xxx port 22: no matching host key type found. Their offer: ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.comAny thoughts are appreciated.
Last edited by graysky (2024-07-02 10:07:33)
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#2 2024-07-01 20:53:11
- WorMzy
- Administrator
- From: Scotland
- Registered: 2010-06-16
- Posts: 12,569
- Website
Re: Legacy key types openssh-9.8p1-1 does not work as advertised [solved]
https://www.openssh.com/txt/release-9.8
the DSA signature algorithm is now disabled at compile time.
DSA support may be re-enabled in OpenBSD by setting "DSAKEY=yes"
in Makefile.inc. To enable DSA support in portable OpenSSH, pass
the "--enable-dsa-keys" option to configure.
EDIT: moving to Networking/Server/Protection.
Last edited by WorMzy (2024-07-02 14:12:40)
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Online
#3 2024-07-02 10:07:11
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,673
- Website
Re: Legacy key types openssh-9.8p1-1 does not work as advertised [solved]
Thanks WorMzy - missed that.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#4 2024-07-02 14:23:14
- jeremyjjbrown
- Member
- Registered: 2024-07-02
- Posts: 2
Re: Legacy key types openssh-9.8p1-1 does not work as advertised [solved]
My gross solution to this, in case it helps anyone get back to work, is to have a libvirt vm with a distro that has a pinned openssh where ssh-dds still works and proxy jump into the rickety old boxes my org will not update.
Last edited by jeremyjjbrown (2024-07-02 14:23:31)
Offline
#5 2024-08-09 12:45:16
- oflaherty
- Member
- Registered: 2024-08-09
- Posts: 1
Re: Legacy key types openssh-9.8p1-1 does not work as advertised [solved]
@jeremyjjbrown could you add instructions on how to create a vm with libvirt, what distro you use, and how to proxy jump? This is a popular Google result, so instructions would probably be valuable to people. I know they would be for me. 
Offline