Hi,
Having problems connecting from a Red Hat 9 to openvms 8.4, getting "no matching host key type found. Their offer: ssh-dss".
legacy policy on RH doesn´t solve this.
Is it possible to update from ssh-dss to anything else that modern servers are allowed to connect to?
If possible i would not like to update TCPIP to version 6 at this moment.
What we are running:
HP TCP/IP Services for OpenVMS Industry Standard 64 Version V5.7 - ECO 5 on an HP rx2800 i2 (1.60GHz/5.0MB) running OpenVMS V8.4-2L3
SSH Secure Shell OpenVMS (V5.5) 3.2.0 on HP rx2800 i2 (1.60GHz/5.0MB) - VMS V8.4-2L3
//Niklas
SSH from RHEL9 to openvms 8.4
-
shael_richmond
- Member
- Posts: 5
- Joined: Fri Aug 06, 2021 4:22 pm
- Reputation: 0
- Status: Offline
Re: SSH from RHEL9 to openvms 8.4
I had to do this from a Solaris server and it worked.
ssh -oHostKeyAlgorithms=+ssh-dss user@hostname
If that works you can do the following
In .ssh/confg
Host hostname
HostName xx.xx.xx.xx
HostKeyAlgorithms=+ssh-dss
Shael Richmond
ssh -oHostKeyAlgorithms=+ssh-dss user@hostname
If that works you can do the following
In .ssh/confg
Host hostname
HostName xx.xx.xx.xx
HostKeyAlgorithms=+ssh-dss
Shael Richmond
-
craigberry
- Contributor
- Posts: 23
- Joined: Fri Nov 17, 2023 11:27 am
- Reputation: 1
- Status: Offline
Re: SSH from RHEL9 to openvms 8.4
Since you're on v8.4.2-L3, you do have the option of switching to OpenSSH. Test and read the release notes as there are few gotchas, but it does solve this kind of problem. See https://vmssoftware.com/products/openssh/ .
Re: SSH from RHEL9 to openvms 8.4
It's worth noting that future versions of OpenSSH will remove the ability to enable ssh-dss outright:
https://lwn.net/Articles/958048/
(Note that ssh-dss uses DSA keys)
https://lwn.net/Articles/958048/
(Note that ssh-dss uses DSA keys)
Re: SSH from RHEL9 to openvms 8.4
Code: Select all
> Since you're on v8.4.2-L3, you do have the option of switching to
> OpenSSH. [...]
Sounds to me like a good idea. Sadly, ...
The release notes for the latest OpenSSH version (V8.9-1H)
https://vmssoftware.com/openkits/i64opensource/I64VMS-OPENSSH-V0809-1H-1-RNOTES.PDF
list a requirement:
o For VSI OpenVMS I64 8.4-2L3, ECO VMS842L3I_RTL-V0600 or later
At ICOMMUNITY@vsiftp.vmssoftware.com under ECOKITS, all I see is
VMS842L3I_RTL-V0500, The Service Platform offers VMS842L3I_RTL-V0800,
but apparently not to a "Community" peon like me.
-
niklas
Topic author - Contributor
- Posts: 11
- Joined: Fri Oct 22, 2021 7:31 am
- Reputation: 0
- Status: Offline
Re: SSH from RHEL9 to openvms 8.4
adding "PubkeyAcceptedKeyTypes=+ssh-dss" to /home/username/.ssh/config
and using "KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-dss" when connecting solved this problem for us, we are now able to connect using ssh/sshfs to openvms.
and using "KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-dss" when connecting solved this problem for us, we are now able to connect using ssh/sshfs to openvms.
Re: SSH from RHEL9 to openvms 8.4
Code: Select all
> [...] Sadly, ...
Six months later, the latest OpenSSH version seems to have changed
from V8.9-1H to V8.9-1H01, but the (un)availability of the RTL ECO
hasn't.
Or am I missing something?