[Networking] Can't SSH into my router after upgrade to bookworm

fch
Posts: 213
Joined: 2021-09-06 15:44
Has thanked: 23 times
Been thanked: 5 times

#1 Post by fch »

I have been accessing my router via SSH with a password; after upgrading to bookworm I get this error:

$ ssh root@192.168.x.x
Unable to negotiate with 192.168.x.x port 22: no matching host key type found. Their offer: ssh-rsa

aerusso
Posts: 2
Joined: 2023-01-10 12:05
Been thanked: 1 time

Re: [Networking] Can't SSH into my router after upgrade to bookworm

#2 Post by aerusso »

tldr: Upgrade your router's firmware. It's probably very out of date and insecure.

The problem you're running into is that the host key (the key that identifies the router to your computer) is an RSA key (with, I believe, an SHA-1 hash, which is weak). This is disabled by default (man 5 ssh_config, under HostKeyAlgorithms) to keep you safe. You can see what is supported by running ssh -Q HostKeyAlgorithms. You can enable ssh-rsa by putting

Host $YOUR_ROUTERS_NAME
HostKeyAlgorithms +ssh-rsa

in your ~/.ssh/config. This would enable that algorithm for that specific host (replace $YOUR_ROUTERS_NAME with its hostname). But, it is better to NOT enable this, and instead upgrade the firmware so that your connection is secure.

fch
#3 Post by fch »

My router already has the latest firmware, but on the seller's forum they told me to try this command and it worked:

    ssh -oHostKeyAlgorithms=+ssh-rsa root@192.168.x.x

Is it dangerous in regards to security? It's a fork of OpenWrt; I am considering flashing stock OpenWrt.

aerusso
#4 Post by aerusso »

First of all, -o injects the HostKeyAlgorithms option from the command line, so they're proposing the same fix (but if you put it in your ~/.ssh/config, you won't have to do it on every ssh invocation).

Host 192.168.x.x
    HostKeyAlgorithms +ssh-rsa

As for security, I would be less worried about this specific SSH option (as long as you are only accessing the router from inside your network, and you don't have hostile devices on your LAN), and more worried about your firmware vendor not caring about keeping up with best practice and/or updating their firmware. If you think you can switch to stock OpenWrt safely on that hardware, I would.
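
Added example, not part of the thread: a shell function that audits an ssh_config file for the setting discussed in the posts above and reports whether each HostKeyAlgorithms entry enabling ssh-rsa is limited to named hosts or applies more widely. It goes beyond the single-host case in the thread by also covering global defaults, wildcard Host patterns and Match blocks; the host names and addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Reports each ssh_config scope that
# enables the legacy ssh-rsa host key algorithm.
# Output: "<BROAD|SCOPED|REVIEW> <scope>", one line per finding.

audit_ssh_rsa() {
    awk '
    BEGIN { scope = "*" }   # options before the first Host line apply to every host
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line ~ /^#/ || !match(line, /^[A-Za-z]+/)) next
        key = tolower(substr(line, 1, RLENGTH))       # keywords are case-insensitive
        val = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)               # "Keyword value" or "Keyword=value"
        sub(/[ \t]+$/, "", val)
        if (key == "host")  { scope = val; next }
        if (key == "match") { scope = "Match " val; next }
        if (key != "hostkeyalgorithms" || val ~ /^-/) next   # "-list" removes algorithms
        sub(/^[+^]/, "", val)                         # "+" appends, "^" prepends
        n = split(val, alg, ",")
        for (i = 1; i <= n; i++) {
            if (alg[i] != "ssh-rsa") continue
            label = "SCOPED"
            if (scope ~ /[*?]/) label = "BROAD"       # wildcard pattern or global default
            if (scope ~ /^Match /) label = "REVIEW"   # Match criteria need a manual look
            print label, scope
            break
        }
    }' "$@"
}

# Constructed sample configuration (hypothetical host names, documentation IP).
sample_config() {
    cat <<'EOF'
HostKeyAlgorithms +ssh-rsa
Host router.example 192.0.2.1
    HostKeyAlgorithms +ssh-rsa
Host modern.example
    HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
Host *.lab.example
    hostkeyalgorithms=+ssh-dss,ssh-rsa
Host off.example
    HostKeyAlgorithms -ssh-rsa
EOF
}

sample_config | audit_ssh_rsa
```

Run it against a real file with `audit_ssh_rsa ~/.ssh/config`; a BROAD line means ssh-rsa host keys are accepted for more than the one device that needs them.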

fch
#5 Post by fch »

Using stock OpenWrt now... much better and also much more efficient; average load of router CPU 0.00 0.00 0.00.
Thanks for all the help and tips.
