Re: ssh on FreeBSD 14.3 won't talk to older hosts
Date: Mon, 11 Aug 2025 19:25:15 UTC
On 11/08/2025 20:11, Frank Leonhardt wrote:
> I have an older FreeBSD box that FreeBSD 14.3 refuses to connect to
> using ssh and a certificate login. Everything else works fine
> (including 14.2), and has done for years. I can connect in the other
> direction (from the old host to the 14.3). I can also connect from
> 14.3 to newer hosts. I note that OpenSSH has been updated to 9.9p2 for
> this release.
>
> If I do connect to this older box it reverts to password login, which
> does work. It's the certificate login that's borked.
>
> I'm carefully using RSA keys rather than anything fancy, and have
> sshd_config modified to accept them. When I connect to the old box I
> can specify the exact key to use (-i ~/.ssh/id_rsa) but it doesn't
> make any difference.
>
> I can't put sshd in debug mode on an alternative port due to a
> firewall, and I don't have console access. It's pointless doing it on
> any other host as they all work!
>
> I dare say that someone somewhere decided it was a good idea to
> disable ssh certificate logins to older versions of sshd but I can't
> find the line I need to add to some config file (presumably
> /etc/ssh/ssh_config) to reverse this behaviour.
>
> I note "OpenSSH plans to remove support for the DSA signature
> algorithm in early 2025."
>
> Any suggestions?
>

And, no sooner had he posted the question, when the next desperate attempt finally worked (I've been at this most of the afternoon on and off).

They've changed the accepted key types default so you have to specify it in /etc/ssh/ssh_config (or ~/.ssh/config). Add the following:

    HostKeyAlgorithms=+ssh-dss
    PubkeyAcceptedKeyTypes +ssh-rsa
    Protocol 2,1

I have all three but they may not all be needed in all circumstances, and having protocol 1 isn't something you want to enable unless you're aware of the risks.

This is IN SPITE of OpenSSH ssh-keygen still generating RSA by default, so the default key type it creates, it won't use without this hack. Unless I'm missing something.
Regards, Frank.
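Added example, not part of the thread or of OpenSSH: a small Python audit script that parses an ssh_config and reports which of the three legacy opt-ins from the post (HostKeyAlgorithms +ssh-dss, PubkeyAcceptedKeyTypes +ssh-rsa, Protocol 2,1) are set, and whether each applies to every host or is confined to one Host stanza, which is the safer way to keep such a workaround. The `oldbox` alias and the `-ssh-rsa` override in the second sample are constructed for the demonstration.

```python
import re

# Options the post touches, mapped to the legacy values that weaken them
# (PubkeyAcceptedAlgorithms is the newer name of PubkeyAcceptedKeyTypes).
LEGACY = {
    "hostkeyalgorithms": {"ssh-dss", "ssh-rsa"},
    "pubkeyacceptedkeytypes": {"ssh-dss", "ssh-rsa"},
    "pubkeyacceptedalgorithms": {"ssh-dss", "ssh-rsa"},
    "protocol": {"1"},
}

def parse_ssh_config(text):
    """Yield (scope, option, value); scope is the Host/Match pattern in force ('*' before any)."""
    scope = "*"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # ssh_config accepts "Key value", "Key=value" and "Key = value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        opt, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if opt in ("host", "match"):
            scope = value
            continue
        yield scope, opt, value

def legacy_findings(text):
    """Return (scope, option, legacy_values, is_global) for every legacy opt-in found."""
    findings = []
    for scope, opt, value in parse_ssh_config(text):
        weak = LEGACY.get(opt)
        # A leading '-' removes algorithms and is harmless; '+' and '^' add them.
        if weak is None or value.startswith("-"):
            continue
        algos = {a.strip() for a in value.lstrip("+^").split(",")}
        hit = sorted(algos & weak)
        if hit:
            findings.append((scope, opt, hit, scope == "*"))
    return findings

# Constructed sample: the three lines from the post, applied to every host.
GLOBAL_CONFIG = """\
HostKeyAlgorithms=+ssh-dss
PubkeyAcceptedKeyTypes +ssh-rsa
Protocol 2,1
"""
# Constructed sample: the RSA/SHA-1 opt-in confined to one hypothetical host alias.
SCOPED_CONFIG = """\
Host oldbox
    PubkeyAcceptedKeyTypes +ssh-rsa
Host *
    PubkeyAcceptedKeyTypes -ssh-rsa
"""
```

Run `legacy_findings` over your own ~/.ssh/config; any finding with is_global set means the weakened algorithm list is offered to every server you connect to, not just the old box.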