3

My customer has a legacy (old) SFTP client application that is used to upload files to an Ubuntu Server. Using version 20.04 LTS on the server, this works just fine. However, when testing this against a 22.04 LTS server, the connection fails and the server reports the following log message:

sshd[1490]: Unable to negotiate with XXX.XXX.XXX.XXX port 59993: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]

I can connect with other clients (such as FileZilla) from the same client devices using the same credentials so I'm sure the issue is localized to the legacy client application.

I'm guessing that this issue is due to ssh-rsa being disabled by default in 22.04? I'm aware of the security issues; however, in this case I have no way to touch anything at the client end since the client is heavily integrated into their workflow.

Is there any way to "re-enable" the support for SFTP that existed in 20.04 LTS at the server end? If so, can you give me some guidance on the necessary steps?

Thanks in advance.

presto
  • 31
  • there is a workaround here https://askubuntu.com/questions/1404049/ssh-without-password-does-not-work-after-upgrading-from-18-04-to-22-04 – Esther Jun 28 '22 at 14:12
  • Esther... thanks for that, however that appears to be a fix for a client running 22.04 trying to connect to an older server. My problem is the other way round: an old client connecting to a 22.04 server. – presto Jun 28 '22 at 14:46
  • On the server, read man sshd_config, see "AuthenticationMethods". On the client, ssh -v user@server will show the AuthenticationMethods offered by server and client. – waltinator Jun 28 '22 at 16:47
  • I did a little more investigation on this. I set up Ubuntu 21.10 on a spare box and added a basic SFTP configuration. This works fine (exactly the same as 20.04). It appears as if the support for ssh-rsa is disabled in 22.04. The release notes for 22.04 related to this are as follows:

    ssh-rsa is now disabled by default in OpenSSH. See bug 1961833 to learn how to selectively re-enable it if necessary.

    The re-enablement instructions only seem to relate to the ssh client, not the sshd server, however. Has anyone got any idea how to re-enable ssh-rsa support on a 22.04 server?

    – presto Jul 08 '22 at 18:04
  • 1
    I have edited my answer to a similar question to include a workaround related to the sshd server. – user68186 Aug 23 '22 at 15:52

2 Answers

5

I had the same issue trying to connect to Ubuntu 22.04 from a legacy SSH program (Apache Guacamole in my case). I fixed it by creating a custom conf file in the /etc/ssh/sshd_config.d/ directory containing the following two lines:

HostkeyAlgorithms ssh-dss,ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1

You could also just add those two lines to the sshd_config file, but I prefer to keep my customisation in a separate file.

Restart the sshd service after making the changes and it should work.

stuartm
  • 151
  • 4
  • Thanks so much... that works just fine. In my case I just had to add HostkeyAlgorithms +ssh-rsa and everything worked again. Thanks again. – presto Aug 17 '22 at 10:20
1

I also had the same issue when I upgraded from Ubuntu 20.04 to 22.04-- I had to use SFTP with an older IDE client (as well as creating an SSH tunnel for my MySQL client, Navicat), so I had to add this to my /etc/ssh/sshd_config file:

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers 3des-cbc,aes128-cbc,aes128-ctr,aes256-ctr

Then restart the sshd service.

Thanks to @user68186 for this answer: Ubuntu 22.04 SSH the RSA key isn't working since upgrading from 20.04 which led me in the right direction.

Richard
  • 111
  • 3
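
Added example, not part of the original posts: a small Python script that reads sshd "Unable to negotiate" log lines like the one in the question and derives the narrowest `+algorithm` additions that would satisfy the legacy clients, instead of pasting a broad legacy list. The `LAST_RESORT` set, the function names and the sample log lines are assumptions made for this example.

```python
import re
from collections import defaultdict

# sshd failure wording -> sshd_config directive that governs that negotiation step
DIRECTIVE = {
    "host key type": "HostKeyAlgorithms",
    "key exchange method": "KexAlgorithms",
    "cipher": "Ciphers",
    "MAC": "MACs",
}
# Assumption of this example: pick these only when the client offers nothing else.
LAST_RESORT = {"ssh-dss", "diffie-hellman-group1-sha1", "3des-cbc"}

LINE = re.compile(
    r"Unable to negotiate with (?P<ip>\S+) port \d+: no matching "
    r"(?P<kind>host key type|key exchange method|cipher|MAC) found\. "
    r"Their offer: (?P<offer>\S+)"
)

def failures(log_lines):
    """Map (client address, directive) -> set of distinct client offers."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LINE.search(line)
        if m:
            seen[(m["ip"], DIRECTIVE[m["kind"]])].add(tuple(m["offer"].split(",")))
    return dict(seen)

def minimal_additions(log_lines):
    """Return sorted sshd_config lines, appending one algorithm per failed step."""
    lines = set()
    for (_ip, directive), offers in failures(log_lines).items():
        for offer in offers:
            # Keep the client's preference order, skipping last-resort choices.
            usable = [a for a in offer if a not in LAST_RESORT] or list(offer)
            lines.add(f"{directive} +{usable[0]}")
    return sorted(lines)

# Constructed sample: the first line follows the question's log message with a
# documentation address substituted; the remaining lines are invented.
SAMPLE = [
    "Jun 28 14:01:07 srv sshd[1490]: Unable to negotiate with 192.0.2.10 port 59993: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]",
    "Jun 28 14:03:12 srv sshd[1502]: Unable to negotiate with 192.0.2.10 port 59997: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]",
    "Jun 28 14:05:40 srv sshd[1511]: Unable to negotiate with 198.51.100.7 port 40112: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]",
    "Jun 28 14:06:02 srv sshd[1515]: Accepted password for deploy from 203.0.113.5 port 50022 ssh2",
]

if __name__ == "__main__":
    for line in minimal_additions(SAMPLE):
        print(line)
```

A failed connection logs only the first negotiation step that did not match, so re-run the script on fresh logs after each change. The leading `+` appends to the server's default set, whereas a list without it replaces the defaults.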