Unable to negotiate : no matching host key type found - McKAY brothers, multimedia emulation and support


2024/06/07

Unable to negotiate : no matching host key type found

This is a problem with older devices and some hosts. Here you will find the solution and why it happens:

Unable to negotiate with 192.168.8.109 port 22: no matching host key type found. Their offer: ssh-dss

The problem is that this algorithm was deprecated because today's computers are powerful enough to break such encryption, so the developers deprecated and removed it in favour of algorithms that are harder to beat.

In more technical terms: OpenSSH is removing support for older signature algorithms that may become less secure in the future due to increased computing power. Details of the deprecation are in the release notes for OpenSSH 8.7: https://www.openssh.com/txt/release-8.7. RFC 4253 explicitly calls out this hash-of-hash behavior in https://datatracker.ietf.org/doc/html/rfc4253#section-8

But what can we do to connect? Well, there are two kinds of solution: the most compatible but weakest, and the most secure but least compatible.

SOLUTION MORE WEAK BUT COMPATIBLE:

Just add -oHostKeyAlgorithms=+ssh-dss to the ssh command line when you try to connect, or add HostKeyAlgorithms +ssh-dss to the per-host options in the config file at $HOME/.ssh/config or /etc/ssh/ssh_config.

This option is the least secure but the most compatible! The oldest devices will only accept this option.

SOLUTION MORE SECURE BUT LESS COMPATIBLE!

Just add -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa to the ssh command line when you try to connect, or add HostKeyAlgorithms +ssh-rsa and PubkeyAcceptedKeyTypes +ssh-rsa to the per-host options in the config file at $HOME/.ssh/config or /etc/ssh/ssh_config.

This option is the most secure but the least compatible! The oldest devices will never accept this option.
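To keep the relaxation scoped to the one legacy device instead of weakening the client globally, here is an added helper (not from the original post) that reads the "Unable to negotiate" error line, picks the less weak of the two options above when the server offers both, and prints a per-host stanza for $HOME/.ssh/config. The sample error lines are constructed for the example.

```python
import re

# Constructed sample client errors in the OpenSSH format shown in the post.
SAMPLE_ERRORS = [
    "Unable to negotiate with 192.168.8.109 port 22: "
    "no matching host key type found. Their offer: ssh-dss",
    "Unable to negotiate with 10.0.0.5 port 2222: "
    "no matching host key type found. Their offer: ssh-rsa,ssh-dss",
]

ERR_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching host key type found\. Their offer: (?P<offer>[\w@.,-]+)"
)

# Prefer ssh-rsa over ssh-dss, matching the post's "more secure" option.
PREFERENCE = ["ssh-rsa", "ssh-dss"]


def parse_negotiation_error(line):
    """Return (host, port, [offered algorithms]) or None for any other line."""
    m = ERR_RE.search(line)
    if not m:
        return None
    return m.group("host"), int(m.group("port")), m.group("offer").split(",")


def choose_algorithm(offer):
    """Pick the least-weak legacy host key algorithm offered; None if none is."""
    for alg in PREFERENCE:
        if alg in offer:
            return alg
    return None


def host_stanza(host, port, alg):
    """Build a ssh_config stanza so the extra algorithm applies to this host only."""
    lines = [f"Host {host}", f"    Port {port}", f"    HostKeyAlgorithms +{alg}"]
    if alg == "ssh-rsa":
        # RSA user keys also need the matching public-key algorithm enabled.
        lines.append("    PubkeyAcceptedKeyTypes +ssh-rsa")
    return "\n".join(lines)


def stanzas_for(error_lines):
    """Turn a list of client error lines into per-host config stanzas."""
    out = []
    for line in error_lines:
        parsed = parse_negotiation_error(line)
        if parsed is None:
            continue
        host, port, offer = parsed
        alg = choose_algorithm(offer)
        if alg is not None:
            out.append(host_stanza(host, port, alg))
    return out


if __name__ == "__main__":
    print("\n\n".join(stanzas_for(SAMPLE_ERRORS)))
```

A server that offers only algorithms outside PREFERENCE (for example a modern ecdsa or ed25519 key) yields no stanza, since no legacy option would help there.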

EXPLANATION

Default configurations of some newer SSH clients have dropped support for older signature algorithms used during the authentication process. Affected SSH clients are unable to complete authentication, and an error is displayed.

Why RSA rather than DSA for the workaround? While ssh-rsa is insecure when signing arbitrary (i.e. attacker-controlled) data, that doesn't help an attacker in this case. In the context of an SSH handshake, the ssh-rsa signature algorithm does not present a vulnerability that can be exploited to decrypt traffic or impersonate another user.



