====== Mar 8 2023 SSH Error no hostkey alg ======
When connecting via SSH from an older OS, there may be cases where connections cannot be made due to the following error:
From RHEL6 to RHEL8, for example,
The RHEL6 side needs to support ECDSA connections.
Although there is a need to run commands like "make," it's possible that following [[#3. Update the client's SSH]] is the simplest solution.
===== Error =====
$ ssh 10.10.0.25
no hostkey alg
===== Solution =====
==== 1. How to create ECDSA keys ====
ssh-keygen -t ecdsa -b 256
The private key and public key are these:
$ ls .ssh/id_ecdsa*
.ssh/id_ecdsa .ssh/id_ecdsa.pub
==== Settings for connecting using ECDSA ====
You can use password authentication with this method.
If set to connect using ECDSA, the connection will be possible.
Host 10.10.0.25
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
==== Wildcards can also be used ====
Host 10.10.10.*
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
===== 2. Server-side solution =====
==== Add to sshd_config ====
cat << __EOM__ >> /etc/ssh/sshd_config
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
__EOM__
==== sshd restart ====
systemctl restart ssh.service
===== 3. Update the client's SSH =====
From here, download the new version of OpenSSH.
[[http://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/]]
$ tar zxvf openssh-8.0p1.tar.gz
$ cd openssh-8.0p1
$ ./configure
$ make
# cp ssh /usr/local/bin/ssh
Write it as an alias.
$ cat .bashrc
alias ssh='/usr/local/bin/ssh'
$ ssh -V
OpenSSH_9.2p1, OpenSSL 1.0.2k-fips 26 Jan 2017
{{tag>Diary SSH}}