Saturday 22 June 2024

[ssh] oh no.. can't connect to the crap old server !

After installing a RHEL 9-based distribution, you might encounter difficulties when trying to SSH into crap older systems because of the newer, stronger cryptographic standards implemented by the operating system.

ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: error in libcrypto


Anyway, there are some ways to fix this:

1. Allow legacy crap system-wide (be warned.. heh, this relaxes the crypto policy for every application on the machine, not just ssh)

# update-crypto-policies --set LEGACY

# ...reboot

2. or create a config file (say .legacy_ssh.conf)

.include /etc/ssl/openssl.cnf
[openssl_init]
alg_section = evp_properties
[evp_properties]
rh-allow-sha1-signatures = yes


and ssh to the legacy server/NAS etc via:

OPENSSL_CONF=./.legacy_ssh.conf ssh server.ip -l root


Oh, btw, your old server etc. may need extra params. In my case I need to set the Key Exchange Algorithm as +diffie-hellman-group14-sha1, so I have a special config on the desktop just for that server, e.g.:

$ cat ~/.ssh/config

Host xx.xx.xx.xx
    HostKeyAlgorithms +ssh-rsa
    # PubkeyAcceptedKeyTypes is the older name of PubkeyAcceptedAlgorithms (kept as an alias)
    PubkeyAcceptedKeyTypes +ssh-rsa
    KexAlgorithms +diffie-hellman-group14-sha1
    MACs +hmac-sha1
    PubkeyAcceptedAlgorithms +ssh-rsa


In fact, that server (a darn NAS) is just for backups (backup of backup of backup, you get the idea) and it is behind a firewall, strictly local net. YMMV.
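
To check that the legacy algorithms above stay confined to the one host block and do not leak into `Host *` or the global section, here is an added example (not from the original post) that audits an ssh client config. The function names `audit_legacy_ssh` and `sample_config` and the `*.example.internal` hostnames are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list the Host blocks of an ssh_config that re-enable
# SHA-1-era algorithms, and mark the ones that apply to more than one host.
# Usage: audit_legacy_ssh ~/.ssh/config   (reads stdin when no file is given)
# Output, tab-separated: scope, host patterns, keyword, value
audit_legacy_ssh() {
  awk '
    BEGIN { hosts = "(global)" }
    /^[ \t]*#/ { next }                      # comment line
    /^[ \t]*$/ { next }                      # blank line
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      # keyword and argument are separated by whitespace and/or "="
      if (match(line, /[ \t=]+/) == 0) next
      key = tolower(substr(line, 1, RSTART - 1))
      val = substr(line, RSTART + RLENGTH)
      if (key == "host")  { hosts = val; next }
      if (key == "match") { hosts = "Match " val; next }
      if (key !~ /^(hostkeyalgorithms|pubkeyacceptedkeytypes|pubkeyacceptedalgorithms|kexalgorithms|macs)$/) next
      if (val ~ /^-/) next                   # leading "-" removes algorithms
      if (val ~ /(ssh-rsa|ssh-dss|-sha1|hmac-md5)/) {
        # no Host line yet, or a wildcard pattern: more than one server is affected
        scope = (hosts == "(global)" || hosts ~ /[*?]/) ? "BROAD" : "scoped"
        printf "%s\t%s\t%s\t%s\n", scope, hosts, key, val
      }
    }
  ' "$@"
}

# Constructed sample config (hostnames are placeholders, not real systems)
sample_config() {
  cat <<'EOF'
Host nas.example.internal
    HostKeyAlgorithms +ssh-rsa
    KexAlgorithms +diffie-hellman-group14-sha1
    MACs +hmac-sha1
Host build.example.internal
    KexAlgorithms -diffie-hellman-group14-sha1
Host *
    PubkeyAcceptedAlgorithms +ssh-rsa
EOF
}

sample_config | audit_legacy_ssh
```

Any line marked `BROAD` means the weak algorithm is offered to every server matching that pattern, so move the option into the block for the single legacy host.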

