Weird ssh problem from Terminal when contacting older Ubuntu 10.10 server

Can’t think of a better place to ask. :slight_smile:

From my Mac Terminal I usually use ssh to contact various Linode servers. Some are still running an older Ubuntu 10.10 and some are running a more up-to-date Ubuntu 16.04.

Since last year I haven’t been able to easily use ssh to contact the 10.10 servers. For example, if I try:

ssh dlerner@server.domain.com

I get an error like:

Unable to negotiate with server.domain.com port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

When that happens I can go into /Users/admin/.ssh/known_hosts and remove the record for server.domain.com. After that I can use this for ssh and something similar for scp:

ssh -o PubkeyAcceptedKeyTypes=+ssh-rsa -oHostKeyAlgorithms=+ssh-dss dlerner@server.domain.com

If I upgrade the server to 16.04 the problem goes away, but that is complicated and involves cloning a 16.04 Linode and moving things over and exchanging IP addresses. I’m slowly doing that for the different servers though.

Now the weird thing is one co-worker, also on a Mac, does not experience this problem at all!

He is still running Big Sur. I’m on Ventura. Is it some issue with Ventura? Is there some setting I can change to the Terminal app to make it more backwards compatible?

Thanks.

I believe what you are seeing is a change in Ventura for security. The OpenSSH shipping with Ventura is disabling the use of insecure ciphers.

See https://osxdaily.com/2022/12/22/fix-ssh-not-working-macos-rsa-issue/ which has suggestion on how to allow the insecure ciphers. Use the workaround noted in the article for as long as it takes you to get those ancient Ubuntu releases to something a bit more modern and secure.

3 Likes

Brilliant! That worked! Thanks very much. A major irritant is now fixed!

1 Like