VSI OpenVMS Forum

The official board to discuss OpenVMS-related topics
https://forum.vmssoftware.com/

SSH from RHEL9 to openvms 8.4

https://forum.vmssoftware.com/viewtopic.php?f=13&t=8945

Page 1 of 1

SSH from RHEL9 to openvms 8.4

Posted: Wed Jan 17, 2024 10:10 am
by niklas
Hi,

Having problems connecting from a Red Hat 9 to openvms 8.4, getting "no matching host key type found. Their offer: ssh-dss".
legacy policy on RH doesn´t solve this.

Is it possible to update from ssh-dss to anything else that modern servers are allowed to connect to?
If possible i would not like to update TCPIP to version 6 at this moment.

What we are running:

HP TCP/IP Services for OpenVMS Industry Standard 64 Version V5.7 - ECO 5 on an HP rx2800 i2 (1.60GHz/5.0MB) running OpenVMS V8.4-2L3

SSH Secure Shell OpenVMS (V5.5) 3.2.0 on HP rx2800 i2 (1.60GHz/5.0MB) - VMS V8.4-2L3

//Niklas

Re: SSH from RHEL9 to openvms 8.4

Posted: Wed Jan 17, 2024 10:28 am
by shael_richmond
I had to do this from a Solaris server and it worked.

ssh -oHostKeyAlgorithms=+ssh-dss user@hostname

If that works you can do the following
In .ssh/confg
Host hostname
HostName xx.xx.xx.xx
HostKeyAlgorithms=+ssh-dss


Shael Richmond

Re: SSH from RHEL9 to openvms 8.4

Posted: Wed Jan 17, 2024 5:52 pm
by craigberry
Since you're on v8.4.2-L3, you do have the option of switching to OpenSSH. Test and read the release notes as there are few gotchas, but it does solve this kind of problem. See https://vmssoftware.com/products/openssh/ .

Re: SSH from RHEL9 to openvms 8.4

Posted: Wed Jan 17, 2024 7:47 pm
by dmjb
It's worth noting that future versions of OpenSSH will remove the ability to enable ssh-dss outright:

https://lwn.net/Articles/958048/

(Note that ssh-dss uses DSA keys)

Re: SSH from RHEL9 to openvms 8.4

Posted: Wed Jan 17, 2024 8:45 pm
by sms

Code: Select all

> Since you're on v8.4.2-L3, you do have the option of switching to
> OpenSSH. [...]

   Sounds to me like a good idea.  Sadly, ...

   The release notes for the latest OpenSSH version (V8.9-1H)

      https://vmssoftware.com/openkits/i64opensource/I64VMS-OPENSSH-V0809-1H-1-RNOTES.PDF

list a requirement:

      o For VSI OpenVMS I64 8.4-2L3, ECO VMS842L3I_RTL-V0600 or later

   At ICOMMUNITY@vsiftp.vmssoftware.com under ECOKITS, all I see is
VMS842L3I_RTL-V0500,  The Service Platform offers VMS842L3I_RTL-V0800,
but apparently not to a "Community" peon like me.

Re: SSH from RHEL9 to openvms 8.4

Posted: Thu Jan 18, 2024 3:25 am
by niklas
adding "PubkeyAcceptedKeyTypes=+ssh-dss" to /home/username/.ssh/config
and using "KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-dss" when connecting solved this problem for us, we are now able to connect using ssh/sshfs to openvms.

Re: SSH from RHEL9 to openvms 8.4

Posted: Mon Feb 19, 2024 10:02 am
by sms

Code: Select all

> [...] Sadly, ...

   Six months later, the latest OpenSSH version seems to have changed
from V8.9-1H to V8.9-1H01, but the (un)availability of the RTL ECO
hasn't.

   Or am I missing something?
All times are UTC-04:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/