Migration from Centos 6 to Almalinux 9 KVM node fails in SolusVM: no matching host key type found. Their offer: ssh-rsa,ssh-dss

Have more questions? Submit a request

Applicable to:

  • SolusVM 2

Symptoms

Migration from Centos 6 to Almalinux 9 KVM node fails in SolusVM:

SVM_ERROR: OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to 203.0.113.2 [203.0.113.2] port 456.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /usr/local/solusvm/tmp/32554migrate_private_ssh_key type -1
debug1: identity file /usr/local/solusvm/tmp/32554migrate_private_ssh_key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: compat_banner: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000002
debug1: Authenticating to 203.0.113.2:456 as 'root'
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 203.0.113.2 port 456: no matching host key type found. Their offer: ssh-rsa,ssh-dss

Cause

RHEL 9 based OSes(i.e. Almalinux 9) do not support ssh-rsa key type

Resolution

  1. Connect to Almalinux 9 node via SSH
  2. Add the following in /etc/ssh/ssh_config:

    CONFIG_TEXT: Host *
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms=+ssh-rsa

  3. Set legacy cryptographic policy:

    # update-crypto-policies --set LEGACY

Articles in this section

Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.