Pages

SSH xxx.xxx.xxx.xx port 22: no matching connection (closed)

You are getting this SSH error when trying to connect:

Unable to negotiate with xxx.xxx.xxx.xx port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss connection [closed]

This means the SSH client and server cannot agree on a common host key algorithm to use during connection. The server offers ssh-rsa and ssh-dss, but your SSH client doesn't accept those by default anymore because of security changes in newer OpenSSH versions.

Option 1: 

1.Backup current SSH configs
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.06022025
# cp /etc/ssh/ssh_config /etc/ssh/ssh_config.06022025

You copy the SSH daemon config file (sshd_config) and the SSH client config file (ssh_config) to backups named with today's date (06022025).
This is good practice before making changes.

2.Modify SSH config files to allow ssh-rsa algorithm

echo "HostKeyAlgorithms +ssh-rsa" >> /etc/ssh/sshd_config
echo "PubKeyAcceptedAlgorithms +ssh-rsa" >> /etc/ssh/sshd_config
echo "HostKeyAlgorithms +ssh-rsa" >> /etc/ssh/ssh_config
echo "PubKeyAcceptedAlgorithms +ssh-rsa" >> /etc/ssh/ssh_config

You append lines to both SSH daemon and client config files to explicitly add ssh-rsa as an allowed algorithm.

3.Restart SSH daemon
stopsrc -s sshd;startsrc -s sshd;lssrc -s sshd

These commands stop, start, and check the status of the SSH daemon (sshd).

Option 2:

1. Step-by-step to create/edit .ssh/config
Open (or create) the file ~/.ssh/config in your user’s home directory:
vim ~/.ssh/config

2.Add the following configuration to allow ssh-rsa for a specific host:
Host myserver
HostName xxx.xxx.xxx.xx
User your_username
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa

  • Replace myserver with any alias you want.
  • Replace xxx.xxx.xxx.xx with the server IP or hostname.
  • Replace your_username with your SSH login username.

If you want to enable this for all hosts, you can do:

Host *
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa

3.Save and exit the editor.
4.Set the correct permissions for the file:
chmod 600 ~/.ssh/config

4.Restart SSH daemon
# stopsrc -s sshd;startsrc -s sshd;lssrc -s sshd

These commands stop, start, and check the status of the SSH daemon (sshd).
by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)