Cannot add to HostKeyAlgorithms when using ssh as client

Background

I have a router with OpenWRT on it. I used to be able to login to it using SSH (from my Fedora machines), but sometime last year it stopped after OpenSSH changed the default to not include RSA. I lived with it because the OpenWRT web UI was working fine for me. However now I need to debug some network issues, and having full console access would be really helpful.

Setup on the remote side

• OpenWrt 19.07.3 r11063-85e04e9f46
• Dropbear 2019.78-2
• public keys have been added via the web UI
• password login as root is enabled from the web UI

Problem and resolution attempts

1. When I try to login, I get this:

   $ ssh  root@192.168.1.1
   Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa
   

2. So I tried adding ssh-rsa like this, but I get the same results

   ssh -oHostKeyAlgorithms=+ssh-rsa root@192.168.1.1
   Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa
   

3. I can list the supported host key algorithms, and ssh-rsa is present

   $ ssh -Q hostkeyalgorithms | grep ssh-rsa
   ssh-rsa
   ssh-rsa-cert-v01@openssh.com
   

4. Adding -vvv leads me to the following (reformatted for readability):

   debug1: Local version string SSH-2.0-OpenSSH_9.0
   debug1: Remote protocol version 2.0, remote software version dropbear
   [...]
   debug2: local client KEXINIT proposal
   debug2: KEX algorithms: \
      curve25519-sha256,\
      curve25519-sha256@libssh.org,\
      ecdh-sha2-nistp256,\
      ecdh-sha2-nistp384,\
      ecdh-sha2-nistp521,\
      diffie-hellman-group-exchange-sha256,\
      diffie-hellman-group14-sha256,\
      diffie-hellman-group16-sha512,\
      diffie-hellman-group18-sha512,\
      ext-info-c
   debug2: host key algorithms: \
      ssh-ed25519-cert-v01@openssh.com,\
      ecdsa-sha2-nistp256-cert-v01@openssh.com,\
      ecdsa-sha2-nistp384-cert-v01@openssh.com,\
      ecdsa-sha2-nistp521-cert-v01@openssh.com,\
      sk-ssh-ed25519-cert-v01@openssh.com,\
      sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,\
      rsa-sha2-512-cert-v01@openssh.com,\
      rsa-sha2-256-cert-v01@openssh.com,\
      ssh-ed25519,ecdsa-sha2-nistp256,\
      ecdsa-sha2-nistp384,\
      ecdsa-sha2-nistp521,\
      sk-ssh-ed25519@openssh.com,\
      sk-ecdsa-sha2-nistp256@openssh.com,\
      rsa-sha2-512,\
      rsa-sha2-256
   debug2: ciphers ctos: \
      aes256-gcm@openssh.com,\
      chacha20-poly1305@openssh.com,\
      aes256-ctr,aes128-gcm@openssh.com,\
      aes128-ctr
   debug2: ciphers stoc: \
      aes256-gcm@openssh.com,\
      chacha20-poly1305@openssh.com,\
      aes256-ctr,aes128-gcm@openssh.com,\
      aes128-ctr
   [...]
   debug2: peer server KEXINIT proposal
   debug2: KEX algorithms: \
      curve25519-sha256,\
      curve25519-sha256@libssh.org,\
      diffie-hellman-group14-sha256,\
      diffie-hellman-group14-sha1,\
      kexguess2@matt.ucc.asn.au
   debug2: host key algorithms: ssh-rsa
   debug2: ciphers ctos: aes128-ctr,aes256-ctr
   debug2: ciphers stoc: aes128-ctr,aes256-ctr
   [...]
   debug1: kex: algorithm: curve25519-sha256
   debug1: kex: host key algorithm: (no match)
   Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa
   

As you can see, ssh-rsa is not in the list of host key algorithms for the client. When I can see it’s present, and readable by ssh:

$ ll -1 /etc/ssh/*.pub
-rw-r--r--. 1 root root 162 Jun 19  2021 /etc/ssh/ssh_host_ecdsa_key.pub
-rw-r--r--. 1 root root  82 Jun 19  2021 /etc/ssh/ssh_host_ed25519_key.pub
-rw-r--r--. 1 root root 554 Jun 19  2021 /etc/ssh/ssh_host_rsa_key.pub
$ ssh-keyscan localhost 2> /dev/null | grep -o ssh-rsa
ssh-rsa

What am I missing?

Try to create a RSA256, when I connect to mine dd-wrt I get:

RSA key fingerprint is SHA256

My Dropbear is v2020.80

Does it work using the legacy crypto policy?

I had the same problem and reported it in bug 2127765 (closed).
The error message is not correct, you can define the host key algorithm, but it will tell you it’s not there. But the key length is no longer accepted, you have to recreate the keys with ssh-keygen and >=2K length.

Thanks! This worked. I still have to add -oHostKeyAlgorithms=+ssh-rsa, which is good, for all other remote systems the policy is still the latest!

Good that it works!
See “man ssh_config” how to create a file ~/.ssh/config with configuration specific for one host. Then you can access every system without typing special options.

Done already

Host    openwrt
        User                    root
        HostName                192.168.1.1
        # needs: update-crypto-policies --set DEFAULT:FEDORA32
        HostKeyAlgorithms       +ssh-rsa