15

I have a shell server on an embedded system (It's a 32Bit ARMel system). When I go to login to it, I use:

$ ssh root@ip 
Unable to negotiate with ip port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

I tried to give it one of the expected cypher types with the -c option:

$ ssh -c ssh-dss root@ip 
Unknown cipher type 'ssh-dss'

or:

$ ssh -c ssh-rsa root@ip
Unknown cipher type 'ssh-rsa'

So I'm not sure what to do next. I have a UART serial console I can send commands to, but I'd rather be on SSH. I know it's running the service, but I don't know how to log in to it.

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
j0h
  • 3,617

4 Answers4

22

I see this a lot with legacy Cisco embedded systems whose firmware can no longer be upgraded to modern ssh standards.

In addition to Host Key Algorithm, you may need to use an obsoleted Key Exchange Algorithm, and/or Cipher specification as well.

Bash Example:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1\
 -oHostKeyAlgorithms=+ssh-rsa\
 -oCiphers=+aes256-cbc\
 <user>@asa5505

The good news is that OpenSSH (what I use) usually tells me what algorithms or cyphers are being offered - otherwise I might have to do a lot of trial and error.

If I do, available protocols can be listed in OpenSSH with:

ssh -Q [ciphers|hostkeyalgorithms|kexalgorithms|...]

Update: As there seems a lot of interest in doing this using ssh_config (thanks, Bob,Z,et al), I will provide an example for that method:

############################################
# ~/.ssh/config
Host 'asa5505*'
        KexAlgorithms +diffie-hellman-group1-sha1
        HostKeyAlgorithms +ssh-rsa
        Ciphers +aes128-cbc

Because these protocols have been deprecated for security reasons, you should restrict default usage with a "Host" or "Match" qualification so they are only used on those legacy targets that require them.

Likewise, you should avoid putting these exceptions into /etc/ssh/ssh_config or under /etc/ssh/ssh_config.d/ unless your intent is to have all current and future users utilize them by default.

For all the gritty details, see:

man ssh_config
Frobozz
  • 421
  • yeah, its a 32 bit armel system, but Im still thinking I may try to compile a newer version of ssh. – j0h Nov 27 '22 at 18:22
  • 1
    Not even an option on my Cisco routers, @j0h. But, as long as OpenSSH keeps supporting the obsoleted ciphers/algorithms, I wouldn't even bother. I just write a macro for connecting to each of them and forget about it. – Frobozz Nov 27 '22 at 18:40
  • 3
    @Frobozz You should be able to save server-specific client configs in ssh_config. – Bob Nov 28 '22 at 05:47
  • An ssh_config example would be good to have here for posterity. I'll add one. Thanks, @Bob. – Frobozz Nov 29 '22 at 16:59
17

Try using this:

ssh -oHostKeyAlgorithms=+ssh-rsa root@ip

Notes:

Vlastimil Burián
  • 28,462
csx4
  • 361
  • 2
  • 6
  • 3
    Would be interesting to find out why this even needed. Apparently openssh knows which algo is required because the server tells it so, and it has the support, so why a special setting is required to connect? Is it considered insecure? – Andrew Savinykh Nov 27 '22 at 23:57
  • 9
    @AndrewSavinykh Yes, modern SSH clients will refuse to use outdated crypto (e.g. anything based on sha1) by default, while those old algorithms are the only ones supported by legacy devices. You have to manually opt in by telling the client "yes, I know this is kinda insecure, connect anyway, it's still better than telnet". (That's still way better than enabling old crypto globally as that would also enable downgrade attacks on connections to servers that are perfectly capable of modern crypto.) – TooTea Nov 28 '22 at 08:38
  • 2
    Slightly confusingly, multiple "algorithms" can be used with the same key. So "ssh-rsa" keys are still fine in the default configuration, but the "ssh-rsa" algorithm is not because it uses sha1 based signatures. – plugwash Nov 28 '22 at 17:47
5

It also depends on what you're running on your own machine. If you're running something like Arch or Fedora36+, which is on OpenSSL3.0, then older algorithms have been deprecated or disabled. I've had to include this configuration inside my ssh config being on 3.0 connecting to older servers:

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
Z McCrocklin
  • 51
0

A neat trick, that works as of now and could help the backward compatibility if the algorithms ever get removed from OpenSSH, is using a container of an older Linux distro image.

There is more overhead (although the container could be kept around at the cost of a few tens MB), and with possible security risks (possibly unmatained OpenSSH versions) that may or may not be acceptable.

Here's a one-liner, with its own limitations:

docker run --rm -it debian:jessie sh -c 'apt-get update && apt install -y --force-yes openssh-client && ssh the_host

rems4e
  • 115