Ssh into old embedded Linux systems running dropbear

Recently, openssh disabled the use of ssh-rsa, so you may now see something like the following if you try to ssh into an old system running dropbear:

Unable to negotiate with port 22: no matching host key type found. Their offer: ssh-rsa

The workaround is to put something like the following in you ~/.ssh/config file:

   HostkeyAlgorithms +ssh-rsa
   PubkeyAcceptedAlgorithms +ssh-rsa

You can also use the following command line options:

-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa

ah so its finally in thats good, see Demystifying “ssh-rsa” in OpenSSH Deprecation Notice | by Dorai Ashok S A | Level Up Coding

finally added some scripts to make this easier:

I’ve also found (technically I didn’t find this, it was explained to me and I verified it) newer openssh have disabled scp protocol for file transfer and instead want to use sftp by default. While nice from a theoretical security stand point (the actual vulnerability seems quite far fetched to me) it’s annoying as the scp command for a client now can fail if the server doesn’t have sftp abilities but does have scp abilities. This affects dropbear as well, as it doesn’t (afaik) have sftp support.

1 Like