× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. September 2019

RE: 5733SC1 PTF SI70819 upgraded OpenSSH disabling ssh-dss (DSA) public key algorithm - multiple production SFTP failing now failing

Chris,

I added
Cipher +aes256-cbc,aes192-cbc,aes128-cbc

/QOpenSys/QIBM/ProdData/SC1/OpenSSH/etc/ssh_config line 52: Bad SSH2 cipher spec 'aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc'

Can you please re-confirm your Cipher spec?

Thanks
Paul


-----Original Message-----
From: Christopher Bipes <chris.bipes@xxxxxxxxxxxxxxx>
Sent: Tuesday, September 24, 2019 11:09 AM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
Subject: RE: 5733SC1 PTF SI70819 upgraded OpenSSH disabling ssh-dss (DSA) public key algorithm - multiple production SFTP failing now failing

This is the same problem I had last week. I also had to add:
Cipher +aes256-cbc,aes192-cbc,aes128-cbc to the same configuration file.

I was given this link by a business partner who uses IPSwitch products and their support gave it to them:
https://www.openssh.com/legacy.html




Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Steinmetz, Paul via MIDRANGE-L
Sent: Tuesday, September 24, 2019 7:50 AM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
Subject: 5733SC1 PTF SI70819 upgraded OpenSSH disabling ssh-dss (DSA) public key algorithm - multiple production SFTP failing now failing

IPL with SI70819 upgraded OpenSSH disabling ssh-dss (DSA) public key algorithm.
Multiple production SFTP failing.
Unable to negotiate with xxx.xxx.xxx.xx port 22: no matching host key type found. Their offer: ssh-dss

Remote sites either need to upgrade
Or
Re-enable ssh-dss using the HostKeyAlgorithms configuration option:

ssh -oHostKeyAlgorithms=+ssh-dss user@legacyhost

or

in the configuration file

WRKLNK '/QOpenSys/QIBM/UserData/SC1/OpenSSH/etc/ssh_config'

and add these to entries to the ssh_config file.

Host somehost.example.org --> the host name you use to connect/ip address

HostKeyAlgorithms +ssh-dss

Anyone else having these issues?
Which work around have others used?


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.