Tried to ssh to my C.H.I.P device today, (which has been running smoothly for 3 months), and was confronted with a new error:
Unable to negotiate with 192.168.1.238 port 22: no matching host key type found. Their offer: ssh-dss
What the heck does this mean? Google, here we come!!
https://wiki.archlinux.org/index.php/Secure_Shell
– describes the symptoms quite well, but what about a solution??
Neat internet debate at http://security.stackexchange.com/questions/29262/disabling-authentication-via-dsa-keys-in-openssh — but again no solution.
– also describes a similar problem…. and what the solution was – from a CLIENT perspective.
But SSH keys that you have for your client side are the same as the ones you have for your server side (minus the password protection), right?
root@chip:/etc/ssh# head ssh_host_dsa_key -----BEGIN DSA PRIVATE KEY----- MIIBuwIBAAKBgQDEDWeyHZnjTfccs/dsV1e+qUyr+7FMFFnBnJv2V6MeB3cN92Uz cBMq+e/i64Hgdggu/ukLRUBNQ9zlXznN3DEblNZH5O+Bebtq4Vn6hFYT+1cSEVnO 2NXz+oBPHYFSPNCDUNuMandf/vGveezsbd3ty0KyEuunSGJ9NHIdgbW4ZQIVAJu3 rTiXkvnKcyRC/2a7sDektQJ9AoGBAKcrorEJdjlIqmtjsoyk+90v3k9hKy673TKW WCZO4DJNvC0EVnVYQl02Q6HJB0Ar+mbQFU7HM/fr7LQr22BSMsTAy6s0nKAFogTK
So why not just generate new keys, and put them into the right spot.
root@chip:/tmp# ls -l /etc/ssh/*key -rw------- 1 root root 668 Aug 19 22:27 /etc/ssh/ssh_host_dsa_key -rw------- 1 root root 0 Jan 1 1970 /etc/ssh/ssh_host_ecdsa_key -rw------- 1 root root 0 Jan 1 1970 /etc/ssh/ssh_host_ed25519_key -rw------- 1 root root 0 Jan 1 1970 /etc/ssh/ssh_host_key -rw------- 1 root root 0 Jan 1 1970 /etc/ssh/ssh_host_rsa_key
Aha, this might be the reason..
root@chip:/tmp# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): /tmp/ssh_host_rsa_key Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /tmp/ssh_host_rsa_key. Your public key has been saved in /tmp/ssh_host_rsa_key.pub. The key fingerprint is: 03:0a:02:4e:e9:50:67:a2:8a:e5:e9:1b:f8:54:a4:cf root@chip The key's randomart image is: +---[RSA 2048]----+ |.o+ o | |=o + | |=.o . . | |o= = . . | |o + o S | | o + . | |. + E | | o o | | o | +-----------------+
then copy these over the 0-byte ones
root@chip:/tmp# cpssh_host_rsa_key /etc/ssh/ssh_host_rsa_key root@chip:/tmp# cpssh_host_rsa_key /etc/ssh/ssh_host_rsa_key
Now, back on my Mac, I verify the ASCII art first
[bill@My-MBP tmp]$ ssh -o VisualHostKey=yes chip Host key fingerprint is SHA256:t+Fezp77iCm+q87ep+vjs/eHIx5ODrgDzIskla4Bx+U +---[RSA 2048]----+ | | | . | | . + | |. = E | |.+ o S o | |o o + . o o | | = . o. . = .. | |. . ...o+*+Boo. | | o**@&B+O=. | +----[SHA256]-----+
and I’m good to go…
Hope this helps somebody other than myself. 😀