Configure the OpenSSH server to use a legacy public key algorithm to authenticate itself to an SSH client.
Operating system version.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04 LTS
Release: 22.04
Codename: jammy
SSHD package version.
$ ssh -V
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
Try to connect using an older SSH client and observe log files.
[...]
May 31 22:22:44 IdeaCentre sshd[33980]: debug1: Forked child 34086.
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: Set /proc/self/oom_score_adj to 0
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: inetd sockets after dupping: 4, 4
May 31 22:22:44 IdeaCentre sshd[34086]: Connection from 172.16.151.114 port 49966 on 172.16.151.200 port 22 rdomain ""
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: Remote protocol version 2.0, remote software version SSHJ_0.0.0_no.git
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: compat_banner: no match: SSHJ_0.0.0_no.git
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: permanently_set_uid: 128/65534 [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: SSH2_MSG_KEXINIT sent [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: SSH2_MSG_KEXINIT received [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: kex: host key algorithm: (no match) [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: Unable to negotiate with 172.16.151.114 port 49966: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: do_cleanup [preauth]
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: monitor_read_log: child log fd closed
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: do_cleanup
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: Killing privsep child 34087
May 31 22:22:44 IdeaCentre sshd[34086]: debug1: audit_event: unhandled event 12
[...]
Display the public key algorithms accepted for an SSH server to authenticate itself to an SSH client.
$ sudo sshd -T | grep -i ^HostkeyAlgorithms
hostkeyalgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
The client tries to use the ssh-rsa or ssh-dss public key algorithms to authenticate the SSH server, but both are disabled by default on this server.
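The same failure can be audited across a whole log file. This added example (not part of the original post) extracts every client that hit the host key negotiation failure and applies the first-match rule to show what each would negotiate against a candidate server list. The sample log lines, the 192.0.2.10 client and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Log lines are constructed
# samples in the sshd format shown above (192.0.2.10 is a documentation IP).
sample_log() {
cat <<'EOF'
May 31 22:22:44 host sshd[34086]: Unable to negotiate with 172.16.151.114 port 49966: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
May 31 22:25:10 host sshd[34120]: Unable to negotiate with 192.0.2.10 port 40022: no matching host key type found. Their offer: ssh-dss [preauth]
May 31 22:26:02 host sshd[34130]: Accepted password for milosz from 172.16.151.114 port 50006 ssh2
EOF
}

# Emit "client_ip offered_list" for each failed host key negotiation on stdin.
hostkey_failures() {
    sed -n 's/.*Unable to negotiate with \([^ ]*\) port [0-9]*: no matching host key type found\. Their offer: \([^ ]*\).*/\1 \2/p' | sort -u
}

# First name on the client's list ($1) that the server ($2) also lists,
# per RFC 4253 section 7.1 (simplified: key-exchange constraints ignored).
# Uses parameter expansion only, so client-supplied names are never globbed.
negotiate() {
    rest=$1
    while [ -n "$rest" ]; do
        c=${rest%%,*}
        case ",$2," in *",$c,"*) echo "$c"; return 0 ;; esac
        case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
    done
    echo "(no match)"
    return 1
}

# Report what each failing client would negotiate against server list $1.
audit() {
    hostkey_failures | while read -r ip offer; do
        result=$(negotiate "$offer" "$1") || true
        printf '%s offer=%s result=%s\n' "$ip" "$offer" "$result"
    done
}

# Server host key lists as logged by list_hostkey_types on this page.
BEFORE=rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
AFTER=rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
sample_log | audit "$AFTER"
```

Against the list with ssh-rsa added, the first client negotiates ssh-rsa while the constructed ssh-dss-only client still gets no match.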
OpenSSH 7.0 disabled the ssh-dss public key algorithm by default.
[...]
Potentially-incompatible Changes
--------------------------------
[...]
 * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
   by default at run-time. These may be re-enabled using the
   instructions at http://www.openssh.com/legacy.html
[...]
New Features
------------
[...]
 * sshd_config(5): add HostKeyAlgorithms option to control which
   public key types are offered for host authentications.
 * ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms,
   HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes
   options to allow appending to the default set of algorithms
   instead of replacing it. Options may now be prefixed with a '+'
   to append to the default, e.g. "HostKeyAlgorithms=+ssh-dss".
[...]
OpenSSH 8.8 disabled the ssh-rsa public key algorithm (RSA signatures using SHA-1) by default.
[...]
Potentially-incompatible changes
================================

This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]

For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.

Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:

    Host old-host
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa

We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519).

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf
[...]
This is not a security best practice, but you can temporarily allow legacy ssh-rsa keys to be used to authenticate the SSH server.
$ sudo tee /etc/ssh/sshd_config.d/legacy.conf <<EOF
HostkeyAlgorithms +ssh-rsa
EOF
Restart SSHD server.
$ sudo systemctl restart sshd
Try to connect using an older SSH client and observe log files.
May 31 23:23:01 IdeaCentre sshd[41414]: debug1: Forked child 41449.
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: Set /proc/self/oom_score_adj to 0
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: inetd sockets after dupping: 4, 4
May 31 23:23:01 IdeaCentre sshd[41449]: Connection from 172.16.151.114 port 50006 on 172.16.151.200 port 22 rdomain ""
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: Remote protocol version 2.0, remote software version SSHJ_0.0.0_no.git
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: compat_banner: no match: SSHJ_0.0.0_no.git
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: permanently_set_uid: 128/65534 [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_KEXINIT sent [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_KEXINIT received [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: kex: host key algorithm: ssh-rsa [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_KEX_DH_GEX_INIT received [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: rekey out after 4294967296 blocks [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: SSH2_MSG_NEWKEYS received [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: rekey in after 4294967296 blocks [preauth]
May 31 23:23:01 IdeaCentre sshd[41449]: debug1: KEX done [preauth]
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: userauth-request for user milosz service ssh-connection method password [preauth]
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: attempt 0 failures 0 [preauth]
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: PAM: initializing for "milosz"
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: PAM: setting PAM_RHOST to "172.16.151.114"
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: PAM: setting PAM_TTY to "ssh"
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: PAM: password authentication accepted for milosz
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: do_pam_account: called
May 31 23:23:09 IdeaCentre sshd[41449]: Accepted password for milosz from 172.16.151.114 port 50006 ssh2
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: monitor_child_preauth: user milosz authenticated by privileged process
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: monitor_read_log: child log fd closed
May 31 23:23:09 IdeaCentre sshd[41449]: debug1: PAM: establishing credentials
May 31 23:23:09 IdeaCentre sshd[41449]: pam_unix(sshd:session): session opened for user milosz(uid=1000) by (uid=0)
May 31 23:23:09 IdeaCentre systemd-logind[868]: New session 19 of user milosz.
May 31 23:23:09 IdeaCentre sshd[41449]: User child is on pid 41538
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: SELinux support disabled
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: PAM: establishing credentials
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: permanently_set_uid: 1000/1000
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: rekey in after 4294967296 blocks
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: rekey out after 4294967296 blocks
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: ssh_packet_set_postauth: called
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: Entering interactive session for SSH2.
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: server_init_dispatch
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: input_session_request
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: channel 0: new [server-session]
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: session_new: session 0
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: session_open: channel 0
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: session_open: session 0: link with channel 0
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: server_input_channel_open: confirm session
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: Received SSH2_MSG_UNIMPLEMENTED for 6
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: session_by_channel: session 0 channel 0
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: session_input_channel_req: session 0 req subsystem
May 31 23:23:09 IdeaCentre sshd[41538]: debug1: subsystem: exec() /usr/lib/openssh/sftp-server
May 31 23:23:09 IdeaCentre sshd[41538]: Starting session: subsystem 'sftp' for milosz from 172.16.151.114 port 50006 id 0
Success.
Additional notes
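Use the PubkeyAcceptedKeyTypes option to allow legacy public key types for user authentication. OpenSSH 8.5 and later name this option PubkeyAcceptedAlgorithms and keep the old name as an alias.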
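Because the legacy setting is meant to be temporary, it helps to have a check that reports when it is still in effect. This added example (not part of the original post) reads `sshd -T` output on stdin and lists any SHA-1 RSA or DSA signature algorithm enabled for host, public key or host-based authentication. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads the effective configuration printed by `sshd -T` on stdin, prints
# "keyword algorithm" for each legacy signature algorithm found, and
# returns 1 if any is enabled (0 if none).
legacy_sig_algs() {
    awk '
        BEGIN {
            legacy["ssh-rsa"] = 1
            legacy["ssh-dss"] = 1
            legacy["ssh-rsa-cert-v01@openssh.com"] = 1
            legacy["ssh-dss-cert-v01@openssh.com"] = 1
        }
        tolower($1) ~ /^(hostkeyalgorithms|pubkeyacceptedalgorithms|hostbasedacceptedalgorithms)$/ {
            n = split($2, algs, ",")
            for (i = 1; i <= n; i++)
                if (algs[i] in legacy) { print tolower($1), algs[i]; found = 1 }
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample of `sshd -T` output after the legacy.conf change.
sample_effective_config() {
cat <<'EOF'
port 22
hostkeyalgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
pubkeyacceptedalgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256
EOF
}

sample_effective_config | legacy_sig_algs || echo "legacy signature algorithms are enabled"
```

On a live server the input would come from `sudo sshd -T | legacy_sig_algs`.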