After installing a RHEL 9-based distribution, you might encounter difficulties when trying to SSH into crap older systems because of the newer, stronger cryptographic standards implemented by the operating system.
ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: error in libcrypto
Anyway, there are some ways to fix this:
1. Allow legacy crap system-wide (be warned.. heh)
# update-crypto-policies --set LEGACY
# ...reboot
2. Or create a config file (say .legacy_ssh.conf):
.include /etc/ssl/openssl.cnf
[openssl_init]
alg_section = evp_properties
[evp_properties]
rh-allow-sha1-signatures = yes
and ssh to the legacy server/NAS etc via:
OPENSSL_CONF=./.legacy_ssh.conf ssh server.ip -l root
Oh, btw, your old server etc. may need extra params. In my case I need to set the Key Exchange Algorithm as +diffie-hellman-group14-sha1, so I have a special config on the desktop just for that server, e.g.:
$ cat ~/.ssh/config
Host xx.xx.xx.xx
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
KexAlgorithms +diffie-hellman-group14-sha1
MACs +hmac-sha1
PubkeyAcceptedAlgorithms +ssh-rsa
In fact, that server (a darn NAS) is just for backups (backup of backup of backup, you get the idea) and it is behind a firewall, strictly local net. YMMV.
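A quick way to check that the SHA-1 algorithms from the per-host config are active only for the old box and not for every host you connect to. This is an added example, not part of the original post; the function name, the sample `ssh -G` output and the 192.0.2.x addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads the output of `ssh -G <host>` on stdin and prints every SHA-1 era
# algorithm from the post's ~/.ssh/config that is active for that host.
legacy_algs_enabled() {
    LC_ALL=C awk '
        BEGIN {
            # Algorithms the per-host config above re-enables
            weak["ssh-rsa"] = 1
            weak["diffie-hellman-group14-sha1"] = 1
            weak["hmac-sha1"] = 1
            # Keywords (lowercase in ssh -G output) that hold algorithm lists
            kw["hostkeyalgorithms"] = 1
            kw["pubkeyacceptedalgorithms"] = 1
            kw["pubkeyacceptedkeytypes"] = 1   # older name of the same option
            kw["kexalgorithms"] = 1
            kw["macs"] = 1
        }
        ($1 in kw) {
            # Exact match per list entry, so rsa-sha2-512 or
            # hmac-sha1-etm@openssh.com are not reported.
            n = split($2, alg, ",")
            for (i = 1; i <= n; i++)
                if (alg[i] in weak) print $1 "=" alg[i]
        }
    ' | LC_ALL=C sort
}

# Constructed sample input, shaped like `ssh -G` output (not real captures).
SAMPLE_NAS='hostname 192.0.2.10
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,ssh-rsa
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,ssh-rsa
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1
macs hmac-sha2-256,hmac-sha1'

SAMPLE_OTHER='hostname 192.0.2.20
hostkeyalgorithms ssh-ed25519,rsa-sha2-512
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512
kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
macs hmac-sha2-256,hmac-sha2-512'

# Real use (needs the OpenSSH client):
#   ssh -G xx.xx.xx.xx     | legacy_algs_enabled
#   ssh -G some.other.host | legacy_algs_enabled
# Anything listed for the second host is enabled globally, not just for the NAS.
```

Run it once with the per-host `Host` block in place and once after `update-crypto-policies --set LEGACY` to see how much wider the system-wide option opens things up.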
Saturday 22 June 2024
[ssh] oh no.. can't connect to the crap old server !