unable to negotiate with port 22 no matching key exchange method found

SOLVED !!! Unable to negotiate with 192.168.1.100 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

If you are facing this issue during SSH login to a remote Linux machine, this solution is for you.

It helps to solve ‘Unable to negotiate with 192.168.1.100 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss’ on all flavors of Linux operating systems, such as Ubuntu 22.04.1 LTS or CentOS.

It is also important to know why users encounter this issue. When we make an SSH connection, the server and the client try to negotiate a secure connection using methods that both the server and the client support. Here the error says that the client accepts none of the host key types the server offers.

OpenSSH on older OS versions like CentOS 6 and Ubuntu 18.04 supports the old host key types ‘ssh-rsa’ and ‘ssh-dss’. These algorithms are now outdated and potentially dangerous.

Therefore, newer versions of OpenSSH disable these algorithms by default.

The newer algorithms commonly used are ‘ssh-ed25519’ and ‘ecdsa-sha2’.

So the question is: what can we do to solve this issue, and what is the easiest solution that does not require major modifications to our existing IT infrastructure?

To solve this error, we have to configure the SSH client on the user-side machine, which may be running a new version of Linux where the old algorithms ‘ssh-rsa’ and ‘ssh-dss’ are not allowed. To continue working with the old IT infrastructure, we have to accept the old algorithms ssh-rsa or ssh-dss. If you agree with this, let’s see how to do it.

Steps:

Enable ssh-dss or ssh-rsa for SSH on your client machine running the latest Linux OS version.

Open the config file under the .ssh folder on the client machine, like this: vi .ssh/config

#~/.ssh/config

#vi config

Then add the following content to the config file on the new client machine to enable SSH access with ssh-rsa or ssh-dss support.

Host *
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

It’s done. Now try to ssh again and check that it works.

#ssh -X user@192.168.1.10

Thanks..

However, there is another way of solving this that also works temporarily, but it is a bit difficult to type this every time:
#ssh -X -oHostKeyAlgorithms=+ssh-dss  user@192.168.1.10
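
The Host * block above re-enables ssh-rsa for every server the client connects to, not only the legacy one. The following is an added example, not part of the original post: a small Python check that reads ssh client config text and reports whether each block that re-enables ssh-rsa or ssh-dss is scoped to named hosts or applies broadly. The scoped Host 192.168.1.100 block in the sample is constructed for illustration, the function names are hypothetical, and Include directives are not followed.

```python
import re

LEGACY = {"ssh-rsa", "ssh-dss"}  # the algorithms the page re-enables
# Options that can re-enable them (PubkeyAcceptedAlgorithms is the newer name).
OPTIONS = {"hostkeyalgorithms", "pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms"}

# Constructed sample: a hypothetical scoped block, then the page's wildcard block.
SAMPLE = """\
Host 192.168.1.100
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa

Host *
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
"""

def is_broad(patterns):
    """True when the block applies to more than explicitly named hosts."""
    return any("*" in p or "?" in p for p in patterns if not p.startswith("!"))

def audit(config_text):
    """Return (host_patterns, option, legacy_algorithms, scope) per finding."""
    findings = []
    patterns = ["*"]  # options before the first Host line apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config allows "Keyword value" and "Keyword=value"
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            patterns = value.split()
        elif key == "match":
            patterns = ["*"] if value.lower() == "all" else ["match " + value]
        elif key in OPTIONS and not value.startswith("-"):  # "-" removes algorithms
            enabled = sorted(set(value.lstrip("+^").split(",")) & LEGACY)
            if enabled:
                scope = "broad" if is_broad(patterns) else "scoped"
                findings.append((" ".join(patterns), parts[0], enabled, scope))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A "broad" finding means the legacy algorithm is accepted for every matching server; moving those lines under a Host entry that names only the old machine keeps the exception limited to it.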
