[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [SUPPORT REQUEST] Configuration of libssh host key algos on client
[Thread Prev] | [Thread Next]
- Subject: Re: [SUPPORT REQUEST] Configuration of libssh host key algos on client
- From: Jakub Jelen <jjelen@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Mon, 25 May 2020 18:42:25 +0200
- To: libssh@xxxxxxxxxx
On Mon, 2020-05-25 at 15:52 +0000, Sebastian Kraust wrote: > Hello libssh-team, > > I am currently working on a project using libssh under the hood, but > have problems to get it to work. I hope you can provide some help. > > Task > Write a client for an existing server which cannot be > changed/configured by me. > > Approach > Connect to the server using the function `ssh_connect`. > > Error > kex error : no match for method server host key algo: server [ssh- > rsa], client [ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2- > nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256] > > Problem > Due to the restriction that I can only change the client side, I have > to change the client so that it accepts the ssh-rsa algo. > According to the docs, it should be capable of doing so. > > Troubleshooting so far > Added > PubkeyAcceptedKeyTypes ssh-ed25519*,ssh-rsa*,ssh-dss*,ecdsa-sha2 > to /etc/ssh/sshd_config to allow every algo on the client side. > > I still get the same error. I do believe that the config might not be > the correct file to configure libssh. > > Can you give me some direction where I have to configure libssh so > that the client also accepts the ssh-rsa algorithm? If you need more > information, please let me know. The server is configured to accept only secure algorithms (eddsa, ecdsa and rsa with sha2 -- rsa-sha2-512,rsa-sha2-256). You probably configured your client to use only the old (ssh-rsa), which is not compatible with the new ones (and not considered secure anymore). If you need some backward compatibility with old server, append the SHA2 (rsa-sha2-512,rsa-sha2-256) algorithms, otherwise use only them. Regards, Jakub > Thanks for your help in advance. > > > Mit freundlichen Grüßen / Best regards > > i.A. Sebastian Kraust > Forschungsingenieur / Research Engineer > > b-plus GmbH > Osterhofener Str. 13 | 93055 Regensburg > Tel +49 941 46624 208 | Fax +49 991 270302 99 > sebastian.kraust@xxxxxxxxxx > > Besucheradresse / Visitor address: > b-plus automotive GmbH > Osterhofener Str. 13, 93055 Regensburg, Germany > > Website<http://www.b-plus.com/> | XING< > https://www.xing.com/companies/b-plusgmbh> | FACEBOOK< > https://www.facebook.com/bplusGmbH/> | LinkedIn< > https://www.linkedin.com/company/b-plus-gmbh/> > [cid:image003.jpg@01D632BD.3948FA20]< > https://www.b-plus.com/de/news-events/newsansicht/article/b-plus-gehoert-zu-bayerns-best-50.html > > > > b-plus GmbH > Geschäftsführer / Managing Director: Dipl.-Ing.(FH) Michael Sieg > Gerichtsstand /Handelsregister / Place of jurisdiction / Commercial > register: HRB 1753 Deggendorf / Germany > Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte > Informationen. Wenn Sie nicht der richtige Adressat sind oder diese > E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den > Absender und löschen Sie diese Mail. Das unerlaubte Kopieren sowie > die unbefugte Weitergabe dieser Mail ist nicht gestattet. > This e-mail may contain confidential and/or privileged information. > If you are not the intended recipient (or have received this e-mail > in error) please notify the sender immediately and delete this e- > mail. Any unauthorized copying, disclosure or distribution of the > contents in this e-mail is strictly forbidden. > -- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc.
| AW: [SUPPORT REQUEST] Configuration of libssh host key algos on client | Sebastian Kraust <sebastian.kraust@xxxxxxxxxx> |
| [SUPPORT REQUEST] Configuration of libssh host key algos on client | Sebastian Kraust <sebastian.kraust@xxxxxxxxxx> |