SSH - no matching host key type found
Hi all!
I'm for the moment a somewhat happy camper after installing MacOS Sierra. After a few hours, after the update, i was up for some ssh sessions to some of my servers and routers. Hmm, i can't connect to the boxes. What's up?
The first server responded with:
Unable to negotiate with <IPADDR> port 22: no matching host key type found. Their offer: ssh-dss
This issue was solved through a search on Google. The solution was (not to update the server, which i must do soon) to delete the remark pound "#" before the row that starts with "MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160" and add the row "HostkeyAlgorithms ssh-dss" last in the /etc/ssh/ssh_config file. Next i created a separat part for each server, that needs some legacy support
"Host <SRV>
KexAlgorithms diffie-hellman-group1-sha1"
The second server responded with:
Unable to negotiate with <IPADDR> port 22: no matching host key type found. Their offer: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519
This issue is also solved. This solution wasn't found on Google. I just thought this would work. I just added the algorithms "ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519" after the "HostkeyAlgorithms ssh-dss" (be sure to add a ",").
Question 1
Anyway...is there any security issues or other concerns that i should know with this lack of support, or is is just okey to add this in /etc/ssh/ssh_config file ?
Question 2
Which of this algos should not or should be used?
"HostkeyAlgorithms ssh-dss,ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519"
Question 3
What is the best practice and recommended configuration for the /etc/ssh/ssh_config file?
All the best!
/J
MacBook Pro with Retina display, macOS Sierra (10.12), null