SSH returns: no matching host key type found. Their offer: ssh-dss
The version of OpenSSH included in 16.04 disables ssh-dss. There's a neat page with legacy information that includes this issue: http://www.openssh.com/legacy.html
In a nutshell, you should add the option -oHostKeyAlgorithms=+ssh-dss
to the SSH command:
ssh -oHostKeyAlgorithms=+ssh-dss [email protected]
You can also add a host pattern in your ~/.ssh/config
so you don't have to specify the key algorithm every time:
Host nas
HostName 192.168.8.109
HostKeyAlgorithms=+ssh-dss
This has the added benefit that you don't need to type out the IP address. Instead, ssh
will recognize the host nas
and know where to connect to. Of course you can use any other name in its stead.
Editing the ~/.ssh/config file is the best option. If you have a number of hosts to connect to on the same subnet you can use the following method to avoid entering each host in the file:
Host 192.168.8.*
HostKeyAlgorithms=+ssh-dss
This works great for me as I have a number of Brocade switches to manage and they started complaining about the Host key after I moved to Ubuntu 16.04.
If you want to use newer OpenSSH to connect to deprecated servers:
ssh -o KexAlgorithms=diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-dss my.host.com
Add -v if you want to see what's happening, and -o HostKeyAlgorithms=ssh-dss if it still doesn't work:
ssh -v -o HostKeyAlgorithms=ssh-dss -o KexAlgorithms=diffie-hellman-group14-sha1 my.host.com
You can also, of course, edit /etc/ssh/ssh_config or ~/.ssh/ssh_config, and add:
Host my.host.com *.myinsecure.net 192.168.1.* 192.168.2.*
HostKeyAlgorithms ssh-dss
KexAlgorithms diffie-hellman-group1-sha1
https://forum.ctwug.za.net/t/fyi-openssh-to-access-rbs-openssh-7/6069 mentions the following fix on Mikrotik Routerboards:
/ip ssh set strong-crypto=yes
(Nothing this here because this answer also comes up on web searches when looking for a similar error message.)