Applicable to:
- SolusVM 2
Symptoms
Migration from Centos 6 to Almalinux 9 KVM node fails in SolusVM:
SVM_ERROR: OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to 203.0.113.2 [203.0.113.2] port 456.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /usr/local/solusvm/tmp/32554migrate_private_ssh_key type -1
debug1: identity file /usr/local/solusvm/tmp/32554migrate_private_ssh_key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: compat_banner: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000002
debug1: Authenticating to 203.0.113.2:456 as 'root'
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 203.0.113.2 port 456: no matching host key type found. Their offer: ssh-rsa,ssh-dss
Cause
RHEL 9 based OSes(i.e. Almalinux 9) do not support ssh-rsa key type
Resolution
- Connect to Almalinux 9 node via SSH
- Add the following in /etc/ssh/ssh_config:
CONFIG_TEXT: Host *
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms=+ssh-rsa - Set legacy cryptographic policy:
# update-crypto-policies --set LEGACY
Comments
0 commentsPlease sign in to leave a comment.