This is the same problem I had last week. I also had to add:
Cipher +aes256-cbc,aes192-cbc,aes128-cbc to the same configuration file.
I was given this link by a business partner who uses IPSwitch products and their support gave it to them:
https://www.openssh.com/legacy.html
Chris Bipes
Director of Information Services
CrossCheck, Inc.
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Steinmetz, Paul via MIDRANGE-L
Sent: Tuesday, September 24, 2019 7:50 AM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
Subject: 5733SC1 PTF SI70819 upgraded OpenSSH disabling ssh-dss (DSA) public key algorithm - multiple production SFTP failing now failing
IPL with SI70819 upgraded OpenSSH disabling ssh-dss (DSA) public key algorithm.
Multiple production SFTP failing.
Unable to negotiate with xxx.xxx.xxx.xx port 22: no matching host key type found. Their offer: ssh-dss
Remote sites either need to upgrade
Or
Re-enable ssh-dss using the HostKeyAlgorithms configuration option:
ssh -oHostKeyAlgorithms=+ssh-dss user@legacyhost
or
in the configuration file
WRKLNK '/QOpenSys/QIBM/UserData/SC1/OpenSSH/etc/ssh_config'
and add these to entries to the ssh_config file.
Host somehost.example.org --> the host name you use to connect/ip address
HostKeyAlgorithms +ssh-dss
Anyone else having these issues?
Which work around have others used?
midrange.com
