The purpose of this article is to demonstrate how to use ssh to connect to an older Linux host from a newer version of OpenSSH when you receive the "no matching host key type found" error. The example in this article was used against an older RHEL 6.5 server.
If you attempt to ssh into an older operating system that doesn’t support modern key algorithms, you may encounter the following error:
Unable to negotiate with <ip address> port 22: no matching host key type found. Their offer: ssh-dss
This error message means that your version of OpenSSH does not accept ssh-dss (or whatever the stated algorithm is) by default, so the algorithm must be explicitly allowed in your ssh command.
To carry on and successfully connect, run the following command.
ssh -oHostKeyAlgorithms=+ssh-dss <user>@example.com
Again, note that ssh-dss is the algorithm in question here, but it can be any algorithm. If the server offers RSA, then the algorithm will be ssh-rsa.
Alternatively, you can edit the ~/.ssh/config file to include the host key algorithm so that you do not have to manually type it every time.
Host <host>
    HostName <host ip address>
    HostKeyAlgorithms=+ssh-dss
The same setting can also be applied in PuTTY if you are using Windows, or when using the scp command on Linux.
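An added example, not from the original article: shell helpers that read the negotiation error and print the per-host ~/.ssh/config stanza described above, so the legacy algorithm is enabled for that one host only. The alias legacy-rhel6, the address 192.0.2.10 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of the error shown in the article (address is from a documentation range).
SAMPLE_ERR='Unable to negotiate with 192.0.2.10 port 22: no matching host key type found. Their offer: ssh-dss'

# Print the host key algorithms the server offered, one per line.
# $1 = error line printed by ssh
offered_algs() {
    printf '%s\n' "$1" |
        sed -n 's/.*no matching host key type found\. Their offer: *//p' |
        tr ',' '\n' | tr -d ' \r'
}

# Print an ssh_config stanza that allows the offered algorithms for one host only.
# $1 = Host alias (hypothetical), $2 = host address, $3 = error line printed by ssh
legacy_stanza() {
    # Keep only tokens that look like algorithm names, so stray text from the
    # error output can never end up inside the generated config.
    algs=$(offered_algs "$3" | grep -E '^[A-Za-z0-9@._-]+$' | paste -sd, -)
    [ -n "$algs" ] || { echo "no host key offer found in error text" >&2; return 1; }
    printf 'Host %s\n    HostName %s\n    HostKeyAlgorithms +%s\n' "$1" "$2" "$algs"
}

# Succeed if algorithm $1 is in the list read from stdin (for example `ssh -Q key`).
client_has_alg() {
    grep -qxF -- "$1"
}

# Demo on the constructed sample: prints the stanza for review before it is
# appended to ~/.ssh/config by hand.
legacy_stanza legacy-rhel6 192.0.2.10 "$SAMPLE_ERR"
```

Running `ssh -Q key | client_has_alg ssh-dss` shows whether the local client still includes the algorithm at all; if it does not, the `+ssh-dss` option cannot enable it.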
Conclusion
This article has demonstrated how to recover from the "no matching host key type found" error when using ssh.