
Mar 8 2023 SSH Error no hostkey alg

When connecting via SSH from an older OS (for example, from RHEL6 to RHEL8), the connection may fail with the error shown under "Error" below.

The RHEL6 side needs to support ECDSA connections.

Although it requires running build commands such as "make", option 3 (Update the client's SSH) may be the simplest solution.

Error

$ ssh 10.10.0.25
no hostkey alg

Solution

1. How to create ECDSA keys

ssh-keygen -t ecdsa -b 256

This creates the following private and public key files:

$ ls  .ssh/id_ecdsa*
.ssh/id_ecdsa  .ssh/id_ecdsa.pub

Settings for connecting using ECDSA

Password authentication can still be used with this method.
Once the client is set to connect using ECDSA, the connection succeeds.

.ssh/config

Host 10.10.0.25
    HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521

Wildcards can also be used

.ssh/config

Host 10.10.10.*
    HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521

2. Server-side solution

Add to sshd_config

cat << __EOM__ >> /etc/ssh/sshd_config
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
__EOM__

Restart sshd (on RHEL-family systems the unit is named sshd.service rather than ssh.service)

systemctl restart ssh.service
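
Why solutions 1 and 2 both clear the error, as an added example that is not part of the original page: a small model of host key algorithm negotiation, where the client's first algorithm that the server also offers is chosen. The function names `negotiate` and `apply_modifier` are hypothetical, and the algorithm lists are constructed sample values, not output captured from a real host.

```shell
#!/bin/sh
# Added example: models SSH host key algorithm negotiation (RFC 4253, 7.1).
# Assumption: the server holds a host key for every algorithm it offers.

# apply_modifier DEFAULTS VALUE
# Mimics a list option such as HostKeyAlgorithms: a leading '+' appends
# VALUE to the defaults, anything else replaces them ('-' and '^' are
# not modelled here).
apply_modifier() {
    case "$2" in
        +*) printf '%s,%s\n' "$1" "${2#+}" ;;
        *)  printf '%s\n' "$2" ;;
    esac
}

# negotiate CLIENT_LIST SERVER_LIST
# Prints the first algorithm in the client's preference order that the
# server also offers. Prints "no hostkey alg" and returns 1 otherwise.
negotiate() {
    old_ifs=$IFS
    IFS=,
    for c in $1; do
        for s in $2; do
            if [ "$c" = "$s" ]; then
                IFS=$old_ifs
                printf '%s\n' "$c"
                return 0
            fi
        done
    done
    IFS=$old_ifs
    echo "no hostkey alg"
    return 1
}

# Constructed lists: an old client limited to RSA/DSA host keys and a
# newer server that does not offer ssh-rsa by default.
OLD_CLIENT="ssh-rsa,ssh-dss"
NEW_SERVER="rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519"
ECDSA_CLIENT="ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"

negotiate "$OLD_CLIENT" "$NEW_SERVER" || true      # mismatch: the error
negotiate "$ECDSA_CLIENT" "$NEW_SERVER"            # solution 1: client config
negotiate "$OLD_CLIENT" "$(apply_modifier "$NEW_SERVER" "+ssh-rsa")"  # solution 2
```

To compare real lists instead of the constructed ones, `sshd -T` on the server prints its effective `hostkeyalgorithms` value.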

3. Update the client's SSH

Download a newer version of OpenSSH from here:
http://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/

$ tar zxvf openssh-8.0p1.tar.gz
$ cd openssh-8.0p1
$ ./configure
$ make
# cp ssh /usr/local/bin/ssh

Define an alias so that the newly built binary is used.

$ cat .bashrc
alias ssh='/usr/local/bin/ssh'

$ ssh -V
OpenSSH_9.2p1, OpenSSL 1.0.2k-fips  26 Jan 2017
en/50_dialy/2022/03/08.txt · Last modified: 2023/06/21 12:53 by matsui