Ssh into old embedded Linux systems running dropbear

Recently, OpenSSH disabled the use of ssh-rsa, so you may now see something like the following if you try to ssh into an old system running dropbear:

Unable to negotiate with 10.0.0.111 port 22: no matching host key type found. Their offer: ssh-rsa

The workaround is to put something like the following in your ~/.ssh/config file:

host 10.0.0.111
   HostkeyAlgorithms +ssh-rsa
   PubkeyAcceptedAlgorithms +ssh-rsa

You can also use the following command line options:

-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa
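As an added example (not part of the original post), this shell function turns an "Unable to negotiate" error into a stanza scoped to that one host, re-enabling only what the server offered rather than weakening the defaults for every host. It goes beyond the host-key case above to the key exchange, cipher and MAC variants of the same message; the function name `stanza_from_error` and the 192.0.2.10 sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a host-scoped ssh_config stanza from an OpenSSH
# "Unable to negotiate" error. Prints the stanza; returns 1 if the line
# is not a recognised negotiation failure.
stanza_from_error() {
    err=$1
    host=$(printf '%s\n' "$err" |
        sed -n 's/^Unable to negotiate with \([^ ]*\) port [0-9]*: .*/\1/p')
    offer=$(printf '%s\n' "$err" |
        sed -n 's/.*Their offer: \([^ ]*\)[[:space:]]*$/\1/p')
    [ -n "$host" ] && [ -n "$offer" ] || return 1

    # The offer is server-controlled text: accept only characters that
    # appear in algorithm names before writing it into a config file.
    case $offer in
        *[!A-Za-z0-9@.,_+-]*) return 1 ;;
    esac

    # Map the failure reason to the ssh_config keyword that governs it.
    case $err in
        *"no matching host key type found"*)       key=HostKeyAlgorithms ;;
        *"no matching key exchange method found"*) key=KexAlgorithms ;;
        *"no matching cipher found"*)              key=Ciphers ;;
        *"no matching MAC found"*)                 key=MACs ;;
        *) return 1 ;;
    esac

    printf 'Host %s\n    %s +%s\n' "$host" "$key" "$offer"

    # As in the workaround above: a server that only has an ssh-rsa host
    # key also needs ssh-rsa allowed for public-key login.
    if [ "$key" = HostKeyAlgorithms ]; then
        case ",$offer," in
            *,ssh-rsa,*) printf '    PubkeyAcceptedAlgorithms +ssh-rsa\n' ;;
        esac
    fi
}

# The error line from the post, then a constructed key-exchange failure.
stanza_from_error "Unable to negotiate with 10.0.0.111 port 22: no matching host key type found. Their offer: ssh-rsa"
stanza_from_error "Unable to negotiate with 192.0.2.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1"
```

Review the printed stanza before appending it to ~/.ssh/config, and remove it once the device's dropbear has been updated.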

ah so it's finally in, that's good, see Demystifying “ssh-rsa” in OpenSSH Deprecation Notice | by Dorai Ashok S A | Level Up Coding

finally added some scripts to make this easier:

I’ve also found (technically I didn’t find this, it was explained to me and I verified it) that newer OpenSSH versions have disabled the scp protocol for file transfer and instead want to use sftp by default. While nice from a theoretical security standpoint (the actual vulnerability seems quite far-fetched to me), it’s annoying, as the scp command for a client can now fail if the server doesn’t have sftp abilities but does have scp abilities. This affects dropbear as well, as it doesn’t (afaik) have sftp support.
