Recent update for SSH breaks backward compatibility, how do I downgrade to the previous version?

Question

I recently updated a Ubuntu system, and then discovered that the SSH functionality I was employing was no longer supported in the updated version.

How do I revert the sshd.service to the previous release?

(Yes, I do understand that the older sushi needs updated, and that will happen as well)

I tried the work around with the following additions on the /etc/ssh/ssh_config on the client:

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

But I still see:

debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/its_demo2/.ssh/id_rsa.pub RSA SHA256:Ml5N2i3iOCN04zqjnpT1y7dQvKOQZT9zsOT5GPE5KFk explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive

Does this answer your question? SSH without password does not work after upgrading from 18.04 to 22.04 — Artur Meinild, Jun 09 '22 at 11:29
Also see this question on why it might not be a good idea to downgrade system security packages and libraries in general. — Artur Meinild, Jun 09 '22 at 11:34
Did you change the /etc/ssh/ssh_config file on the client side? — Artur Meinild, Jun 09 '22 at 13:21
Yes I did but I still get debug1: send_pubkey_test: no mutual signature algorithm — LinuxDad, Jun 09 '22 at 13:35
Oh maybe I misread your question. Could you try this solution instead? (Generate a new keypair with a more modern cipher, if this is an option?) — Artur Meinild, Jun 09 '22 at 13:49
You write up an answer detailing what you did to make it work. — Artur Meinild, Jun 09 '22 at 21:24
Does this answer your question? Ubuntu 22.04 SSH the RSA key isn't working since upgrading from 20.04 — user68186, Oct 03 '22 at 15:12

Artur Meinild · Answer 1 · 2022-09-16T09:59:37.053

5

I had a problem connecting to older devices, and I made it work in Ubuntu 22.04 with OpenSSH 8.9 / OpenSSL 3.0.2 by adding the following lines in the Host section of /etc/ssh/ssh_config on the client side:

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

This will restore functionality of the legacy RSA SHA-1 hash algorithm for the SSH client.

Note of caution: Be aware that this will potentially make connections less secure (but still to the level of Ubuntu 20.04).

edited Sep 16 '22 at 09:59

answered Jun 09 '22 at 11:28

Artur Meinild

26,018

Still learning, thanks. – LinuxDad Jun 09 '22 at 13:21
1

Make sure those lines appear within a Host stanza in ssh_config. I've written a lengthier explanation here – Andrew Richards Sep 16 '22 at 09:42
Thanks for pointing that out, I've clarified my answer. – Artur Meinild Sep 16 '22 at 09:59
This is connecting from an old device to Ubuntu 22.04? Client is old device? Does not work for me ... – mahatmanich Aug 14 '23 at 09:24
If you need to adjust the sshd (daemon) setting, you need to edit /etc/ssh/sshd_config - read more here. – Artur Meinild Aug 14 '23 at 10:05

Recent update for SSH breaks backward compatibility, how do I downgrade to the previous version?

1 Answers1

Linked