I’ve used rsync for years to update files at Bluehost. Since last night my ssh client has returned an error:
Unable to negotiate with xxx.xxx.xxx.xx port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
Any idea what is causing it? I regenerated the keys on the server and downloaded my private key into ~/.ssl/id_rsa at their support desk's suggestion, but to no effect. I did upgrade to Fedora 36 prior to this. I installed PuTTY on a Windows laptop to see if that worked and that connected fine.
Are you able to ssh to that same IP?
You should also check your .ssh/authorized_keys to confirm there is no conflict.
Thanks for the response. Yes, ssh to same IP address. Works on Windows/PuTTY, fails on Fedora. I’m using the same key-pair (I copied the private key from Fedora box to Windows). Before regenerating the keys, I deleted the old pair so I have just one key pair.
Try adding -o HostKeyAlgorithms=ssh-rsa:
ssh -o HostKeyAlgorithms=ssh-rsa user@server.com
(mentioned in other thread)
Robin’s suggestion enabled me to ssh and rsync - but then it seemed to bypass key exchange and just use password (presumably sent in plain text). My workaround at the moment is that I’ve resuscitated an old NUC that has an earlier version of Fedora. I can ssh into that from my Fedora 36 machine and then ssh/rsync to BlueHost from the NUC! Convoluted, but it works. I assume it’s a problem with the 8.8 version of ssh in Fedora 36 talking to BlueHost’s sshd service.
Glad it’s at least partially working. A couple of other things to try:
Add KexAlgorithms=diffie-hellman-group1-sha1 and PubkeyAcceptedKeyTypes=ssh-rsa options:
ssh -o HostKeyAlgorithms=ssh-rsa \
    -o KexAlgorithms=diffie-hellman-group1-sha1 \
    -o PubkeyAcceptedKeyTypes=ssh-rsa \
    user@example.com
You could also try making Fedora’s crypto policy less strict:
sudo update-crypto-policies --set LEGACY
And reboot.
To undo that crypto policy change (if it didn’t help):
sudo update-crypto-policies --set DEFAULT
And reboot.
Good suggestion! It produced:
Their offer: diffie-hellman-group-exchange-sha256
I altered your example to -o KexAlgorithms=diffie-hellman-group-exchange-sha256
Now I can ssh in. I’m having no luck with incorporating your suggestion into my rsync command though. Any ideas?
Something like this:
rsync -aP -e 'ssh -o KexAlgorithms=diffie-hellman-group-exchange-sha256 -o HostKeyAlgorithms=ssh-rsa' username@example.com:path/to/dir/ to/local/dir
or, better, create a ~/.ssh/config file containing:
Host example
    HostName example.com
    User username
    IdentityFile ~/.ssh/id_rsa
    HostKeyAlgorithms ssh-rsa
    KexAlgorithms diffie-hellman-group-exchange-sha256
Then, these simpler invocations should work:
ssh example
rsync -aP example:path/to/dir/ to/local/dir
Complete success! Using the rsync command and simplifying using the ~/.ssh/config edit both worked fine. Thanks.
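The per-host ~/.ssh/config approach from the thread, as an added example that is not part of any post: a shell sketch that reads OpenSSH "Unable to negotiate" errors and prints a Host stanza enabling only the algorithms this one server needs, so the system-wide crypto policy stays at DEFAULT. The function names, the 192.0.2.10 address and the sample error lines are constructed for illustration; the stanza uses the `+` prefix, which appends to the client's defaults instead of replacing them as the thread's config does.

```shell
#!/bin/sh
# Added example: build a per-host ~/.ssh/config stanza from ssh negotiation errors.

# pick_offer LIST AVOID: print the first comma-separated algorithm in LIST that
# is not AVOID; fall back to AVOID only if the server offers nothing else.
pick_offer() {
    list=$1; avoid=$2; fallback=
    old_ifs=$IFS; IFS=,
    for alg in $list; do
        if [ "$alg" = "$avoid" ]; then fallback=$alg; continue; fi
        IFS=$old_ifs; printf '%s\n' "$alg"; return 0
    done
    IFS=$old_ifs
    if [ -n "$fallback" ]; then printf '%s\n' "$fallback"; fi
    return 0
}

# stanza_from_errors ALIAS HOSTNAME: read ssh error output on stdin and print a
# Host block that re-enables only what the server offered.
stanza_from_errors() {
    printf 'Host %s\n    HostName %s\n' "$1" "$2"
    while IFS= read -r line; do
        case $line in
            *'no matching host key type found. Their offer: '*)
                opt=HostKeyAlgorithms; avoid=ssh-dss ;;
            *'no matching key exchange method found. Their offer: '*)
                opt=KexAlgorithms; avoid=diffie-hellman-group1-sha1 ;;
            *) continue ;;
        esac
        offer=${line##*'Their offer: '}      # keep only the algorithm list
        alg=$(pick_offer "$offer" "$avoid")
        [ -n "$alg" ] && printf '    %s +%s\n' "$opt" "$alg"
    done
    return 0
}

# Constructed sample input modelled on the errors quoted in the thread.
sample_errors() {
    cat <<'EOF'
Unable to negotiate with 192.0.2.10 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256
EOF
}

sample_errors | stanza_from_errors example example.com
```

Because ssh stops at the first negotiation failure, a real session reports one error per attempt; collect the errors from successive attempts before feeding them in.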