Unable to negotiate with XX.XXX.XX.XX: no matching host key type found. Their offer: ssh-dss

自闭症患者 2020-12-02 05:22

I am trying to create a git repository on my web host and clone it on my computer. Here's what I did:

  1. I created a repository on the remote server.
  2. I
7 answers
  •  难免孤独
    2020-12-02 06:08

    I want to collaborate a little with the solution for the server side. So, the server is saying it does not support DSA, this is because the openssh client does not activate it by default:

    OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use.

    So, to fix this on the server side I should activate other key algorithms like RSA or ECDSA. I just had this problem with a server in a LAN. I suggest the following:

    Update the openssh:

    yum update openssh-server
    

    Merge new configurations in the sshd_config if there is a sshd_config.rpmnew.

    Verify there are host keys at /etc/ssh/. If not, generate new ones; see man ssh-keygen.

    $ ll /etc/ssh/
    total 580
    -rw-r--r--. 1 root root     553185 Mar  3  2017 moduli
    -rw-r--r--. 1 root root       1874 Mar  3  2017 ssh_config
    drwxr-xr-x. 2 root root       4096 Apr 17 17:56 ssh_config.d
    -rw-------. 1 root root       3887 Mar  3  2017 sshd_config
    -rw-r-----. 1 root ssh_keys    227 Aug 30 15:33 ssh_host_ecdsa_key
    -rw-r--r--. 1 root root        162 Aug 30 15:33 ssh_host_ecdsa_key.pub
    -rw-r-----. 1 root ssh_keys    387 Aug 30 15:33 ssh_host_ed25519_key
    -rw-r--r--. 1 root root         82 Aug 30 15:33 ssh_host_ed25519_key.pub
    -rw-r-----. 1 root ssh_keys   1675 Aug 30 15:33 ssh_host_rsa_key
    -rw-r--r--. 1 root root        382 Aug 30 15:33 ssh_host_rsa_key.pub
    

    Verify the HostKey configuration in /etc/ssh/sshd_config. It should allow the configuration of RSA and ECDSA. (If all of them are commented out, by default it will also allow RSA; see the HostKey part of man sshd_config.)

    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    

    For the client side, create a key for ssh (not a DSA like in the question) by just doing this:

    ssh-keygen
    

    After this, because there are more options than ssh-dss (DSA), the OpenSSH client (>= v7) should connect with RSA or a better algorithm.

    Here is another good article.

    This is my first question answered, I welcome suggestions :D .
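
The server-side HostKey check described in the answer above, as an added example that is not part of the original answer: it lists the HostKey files an sshd_config enables and flags a configuration where ssh-dss is the only one. The function names and the mapping from file name to algorithm (stock `ssh_host_<type>_key` names, as in the listing above) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes host key files use
# the stock ssh_host_<type>_key naming.

# Print the path of every uncommented HostKey directive in sshd_config $1.
active_hostkeys() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# Map a host key path to the algorithm family it holds.
key_type() {
    case "$1" in
        *_dsa_key)     echo ssh-dss ;;
        *_rsa_key)     echo rsa ;;
        *_ecdsa_key)   echo ecdsa ;;
        *_ed25519_key) echo ed25519 ;;
        *)             echo unknown ;;
    esac
}

# Print "<type> <path>" for each enabled key.
# Returns 0 if a non-DSA key is enabled, 1 if only ssh-dss is enabled,
# 2 if no HostKey line is active (sshd then falls back to its defaults).
audit_hostkeys() {
    keys=$(active_hostkeys "$1")
    [ -n "$keys" ] || { echo "no explicit HostKey; defaults apply"; return 2; }
    modern=0
    for k in $keys; do
        t=$(key_type "$k")
        echo "$t $k"
        [ "$t" = ssh-dss ] || modern=1
    done
    [ "$modern" -eq 1 ] && return 0
    echo "only ssh-dss enabled: OpenSSH >= 7.0 clients disable it by default"
    return 1
}

# Constructed sample: the HostKey block from the answer above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
EOF
audit_hostkeys "$sample"
rm -f "$sample"
```

On a real server, pass `/etc/ssh/sshd_config` to `audit_hostkeys` and confirm each reported file exists.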
