I want to login to a remote site <aaaaa.bbbbbbbb.cc> using 'ssh'.
The response I get is "Unable to negotiate with <nnn.nnn.nnn.n> port <nn>:
no matching host key type found. Their offer: ssh-rsa,ssh-dss".
Yesterday, I updated 'openssh' :

Installed versions: 8.8_p1-r4^t([2021-12-25 06:12:24])
(X ssl -X509 -audit -debug -hpn -kerberos -ldns -libedit -livecd -pam -pie -scp -sctp -security-key -selinux -static -test -xmss ABI_MIPS="-n32" KERNEL="linux")

Occasionally, I have had a similar problem trying to do this,
but ordinarily it has worked smoothly.

Does anyone have helpful suggestions how to get past the blockage ?

--
========================,,============================================
SUPPORT ___________//___, Philip Webb
ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto
TRANSIT `-O----------O---' purslowatchassdotutorontodotca

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 2021-12-26 at 11:42 -0500, Philip Webb wrote:

I want to login to a remote site <aaaaa.bbbbbbbb.cc> using 'ssh'.
The response I get is "Unable to negotiate with <nnn.nnn.nnn.n> port
<nn>:
no matching host key type found. Their offer: ssh-rsa,ssh-dss".
Yesterday, I updated 'openssh' :

  Installed versions:  8.8_p1-r4^t([2021-12-25 06:12:24])
   (X ssl -X509 -audit -debug -hpn -kerberos -ldns -libedit -livecd -
pam -pie -scp -sctp -security-key -selinux -static -test -xmss ABI_MIPS="-n32" KERNEL="linux")

Occasionally, I have had a similar problem trying to do this,
but ordinarily it has worked smoothly.

Does anyone have helpful suggestions how to get past the blockage ?

Hi,

Have you looked at news 2021-10-08-openssh-rsa-sha1[1]


Could be related.

Regards,
Branko

[1] https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=8dea6aa24c3ec9ee9a391fb602733c1a803a1ad1

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 26 Dec 2021 11:42:41 -0500, Philip Webb wrote:

I want to login to a remote site <aaaaa.bbbbbbbb.cc> using 'ssh'.
The response I get is "Unable to negotiate with <nnn.nnn.nnn.n> port
<nn>: no matching host key type found. Their offer: ssh-rsa,ssh-dss". Yesterday, I updated 'openssh' :

It sounds like the host may be running an old version of sshd that only
offers ciphers that are now disabled by default in newer releases. You
can get round this by enabling those ciphers for this host, with
something like this in ssh_config

Host aaaaa.bbbbbbbb.cc
Ciphers +ssh-rsa


--
Neil Bothwick

Last words of a Windows user: = Why does that work now?

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE8k9T/rX16EJxEKG692eFu0QSMJgFAmHIn78ACgkQ92eFu0QS MJgzjg/9E1iVhJxlU8guHB1+S/N8slsJADS4cZakwU2cBdu2DL4AHRlTEhfNSU3W CudPLFpbkkNMfYJv0GV9QHWK6bDVSRHhTeAN9CwLZh5UR87f0TyR8nv2jExcjxDy 0CXi7C42jSYG0wXTTqINli9MVdh/+qu6nxbqzC9hK6JfjrlZt3O79Qax67gUl++u bQSegIXefvbYvGOWspIt29/44bL1CA5AqOAP+Ma39igbOrcRY8K9OoqU4vj3j/c5 gx3GLAch6Hs7MCx8w+SK8iKHvNzzWveKOOA3B8U2nx/v5rTyWwZAmGNq03S+8wam psez/vFbd5jxq7YWQdbc3Pth4/srgpVZy4o8jlR06cIUQn65f+hHTO+XBdoWOH0J /cs8+IfZbDTK7AuCoiiOXl4zO4GV5Em7Ijsbin3T+5JcIRkPwc58H1IPvyCDL5U+ xUt9YrvDJpOoU377LciBaKvOB8Vy0BfTPW1Kn3QTyOEMrWthsUPBysNht4+vWg74 iCxkrzOYzgDXMrr94S9CqOQszvQ0OC5+P2Od17PH+oNVouMDIHnHd+t8zVDgjYz8 rZkDIKvmmS0SWHIkpe+hPgz5vRTHV/d9LI+GgAsYMQn4N+CYGza3sQGKcy2pbN5O DPb2YRweZq13q5PkV6OMWydtsX7+cTI7orp2yWpVelsC3By9Dkk=
=6l/B
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sunday, 26 December 2021 17:00:46 GMT Neil Bothwick wrote:

On Sun, 26 Dec 2021 11:42:41 -0500, Philip Webb wrote:

I want to login to a remote site <aaaaa.bbbbbbbb.cc> using 'ssh'.
The response I get is "Unable to negotiate with <nnn.nnn.nnn.n> port
<nn>: no matching host key type found. Their offer: ssh-rsa,ssh-dss".

Yesterday, I updated 'openssh' :

It sounds like the host may be running an old version of sshd that only offers ciphers that are now disabled by default in newer releases. You
can get round this by enabling those ciphers for this host, with
something like this in ssh_config

Host aaaaa.bbbbbbbb.cc
Ciphers +ssh-rsa

The initial error is about "no matching host key type", so the option needed would be:

HostKeyAlgorithms +ssh-rsa

After which another error may pop up, probably about Ciphers. ;-)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEXqhvaVh2ERicA8Ceseqq9sKVZxkFAmHIr3wACgkQseqq9sKV Zxl7nBAAkhpNHHeb8eHoiE/A/5hKsopnlt24h5X7H4zSJyEfE/oWTt9ChIwdhd/g sVo59hs/ydNhv4YYAWO0i602DMU/Gg5ThQYLKj0RG7K9z0WbgGcuM9EnLK6coK4B Ks9ctZDvK5b/XzE+ysbvN6NEIC4m/z/+3RRbMrgZOgrEJha4smPFM/7yL5H9vPUs G0G0jW86t9ANhV/WV/6cHijha5KzYtK/OGLahvy4g8a6vMdMIMEFv0sPee1Ih3ZH WI2+kTJdWoLcCVtNEIcYMcQ7LvubUD8kEZGwHUDmB5tMhb8PdjL+KpNXKQFeNoD9 t2Qjx/h9MjGN43kzqixk5bviLyfFRfa+VKmS32ETs/GG0tM3C257EdbIUVvwBVrf tljCghAwpxK7X4Uu8OHjuReOfYzK6ftmr3K2PuaO82vj1rCGwyNRX6ea2JwBjvi5 tNqdWS/ybiSY8xpXYbsf2iIv/3ljj8tfygFk5vhSze6vdl6+Iybimj8JjhfekUop Uv9tGrW0zActxX75T/jJhyLsQQuaVDksz+uuEkgosnQidXekeYY+iV5DvZVXln+H wUeXUHJbEH3Dxf9OWff+StLyemxupTNUAsDUYPor0i7UFryCgpuFDw0zPh/WmJmG o/2RsNbsdB9YODAByzILRkOAUvZ9hJ7IbTbOP5Vcr//nWYxrsDw=
=/DgZ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 12/26/21 9:42 AM, Philip Webb wrote:

I want to login to a remote site <aaaaa.bbbbbbbb.cc> using 'ssh'.
The response I get is "Unable to negotiate with <nnn.nnn.nnn.n> port <nn>:
no matching host key type found. Their offer: ssh-rsa,ssh-dss".
Yesterday, I updated 'openssh' :

Michael's pointing in the proper direction.

Check out the OpenSSH Legacy Options page for more details. I've
successfully used this information to log into Red Hat 5.x from the
'90s. (Not contemporary RHEL.)

Link - OpenSSH: Legacy Options
- https://www.openssh.com/legacy.html

Note: This works exceedingly well in the ssh client config file
(~/.ssh/config or /etc/ssh/ssh_config). Using the config file means
that anything that uses OpenSSH commands benefits from and inherits the configuration parameters; rsync, git, what have you.



--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 26 Dec 2021 18:07:56 +0000, Michael wrote:

Host aaaaa.bbbbbbbb.cc
Ciphers +ssh-rsa

The initial error is about "no matching host key type", so the option
needed would be:

HostKeyAlgorithms +ssh-rsa

You're right, I was looking at the wrong file when I looked for how I
dealt with this a while ago.


--
Neil Bothwick

Top Oxymorons Number 21: "Now, then ..."

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE8k9T/rX16EJxEKG692eFu0QSMJgFAmHIzIkACgkQ92eFu0QS MJiLwBAAtdfpYgEHDt5LFSADldrV/U7d1K+h2mim1gM0l4GERZuu9NSua1mm2IQu mwWBsC2vhgZ6Zw9CNaz5Yflpq/5P+Ptnzn1W0P/VMChjICV6OGBkdrcHz+9+iIKi z5mdmOolGEUf6hR9KpzvEyRAAZiOx0+HQ43RCiLPmNTeGBP5qLVgnzrGc2FFz0/z Z3DJbk1gJpui/KdXc0soUuptqUcnlMkBzDpBdPUjgA8Zd0FhW7nXMKmbVRdtf8kP GB2N2R1lDQ3VofFOMzJpCwnuQjuW4CF3G6cUhut/Q6UWv5Pmdg4Cfy4dnV7AcNPs RhMOhh48x1RPKyWNp0VFjur6tj1ZSj5Ou4H9Ha/AwSUHCPx/6azziMngxyYOjQ1a SGAhPrbAJ7OV2pnfBoLXo8T76e5+TiwKODJI1WGD+Nx7/PojsdA2cJi927LybGHt if1g1P2U0hE2Z653dC0a91vjUqiY5KKlzEUkJa/Og4iVge+k5EPCYsUR98sh3lPG gYXrEyQKh0l/3/1IWk9ZZXYDV88uZAnDd3XInZqJrrz/N+nl9CzOnp0zG+5gWefE Gq1EOqNrnNKzhzjeVYfj7+afXgzdZgtxa11XLP5V5LyCBo5bwCfkU2QqIMmcX81+ F2NmFfTI984KBvGWFDMbM2QTtEQk73whqpzpGJfeoLNvoAgaHvE=
=qiBJ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

211226 Michael wrote:

On Sun, 26 Dec 2021 11:42:41 -0500, Philip Webb wrote:

I want to login to a remote site <aaaaa.bbbbbbbb.cc> using 'ssh'.
The response I get is "Unable to negotiate with <nnn.nnn.nnn.n> port
<nn>: no matching host key type found. Their offer: ssh-rsa,ssh-dss".
Yesterday, I updated 'openssh' :

It sounds like the host may be running an old version of sshd
that only offers ciphers that are now disabled by default in newer releases. You can get round this by enabling those ciphers for this host,
with something like this in ssh_config : 'HostKeyAlgorithms +ssh-rsa'.

Thanks to all the respondents : adding that line makes it work again.
I've made a note of the Ssh help site & updated by own nn too.

--
========================,,============================================
SUPPORT ___________//___, Philip Webb
ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto
TRANSIT `-O----------O---' purslowatchassdotutorontodotca

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)