Re: [tlug] SSH set up issues

[Scott Robbins <srobb@example.com>]

On Wed, May 07, 2025 at 09:17:26AM +0000, Stephen J. Turnbull wrote:
> Charles Muller writes:
> 
>  > Based on various suggestions I found on the web, I was able to work 
>  > around it by inserting the following text in .ssh/config:
>  >   Host linserv
>  >      HostName 192…..
>  >      User acmull5
>  >      HostKeyAlgorithms +ssh-rsa
>  >      PubkeyAcceptedKeyTypes +ssh-rsa
>  > 
>  > So I now I can log on with:
>  > 
>  >     ssh linserv
>  > 
>  > …but I would prefer to be able to log on with my original method of
>  > SSH followed by the actual server address number.
> 
> Besides Darren's suggestion of "Host <ip address>",
> 
> ssh -o 'HostKeyAlgorithms +ssh-rsa' -o 'PubKeyAcceptedKeyTypes +ssh-rsa' ...
> 
> should work (ssh(1) doesn't give examples of the syntax for the -o
> option so I'm just guessing that the key-value separator is ' ').
> Obviously you would want to make an alias for that.


For what it's worth, we have a couple of old servers at work, and I have
this, which works, in my ~/.ssh/config
Host <somehost>
HostKeyAlgorithms=ssh-dss



> 
> That said, at your convenience you should probably go to the server
> and generate ecdsa and/or ed25519 keys for the server, because as you
> upgrade you're going to find more and more of your hosts are
> deprecating ssh-rsa and ssh-dss host keys (both for ssh and sshd).
> Example:
> 
> ssh-keygen -t ed25519
> 
> and leave the pass-phrase empty.

Yes, I very much agree. 

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6