Hi All,

Since installing OpenSSH 7 I've been unable to connect to my router though ssh pubkey authentication. Previous versions of OpenSSH still work. This is an issue for automated scripts using ssh.

I always get the following message returned:
OpenSSH7 Unable to negotiate with 192.168.1.1: no matching host key type found. Their offer: ssh-dss

Running RouterOS version: 6.28

Google tells me the following:

OpenSSH 7.0 and greater similarly disables the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use. It can be re-enabled using the HostkeyAlgorithms configuration option:

Code: Select all

ssh -oHostKeyAlgorithms=+ssh-dss user@127.0.0.1

http://www.openssh.com/legacy.html

But that is not working...

Could you guys possibly implement ssh-rsa?

Thank you for looking into this!

I also am in favor of supporting ssh-rsa in the next release. For now, you can override OpenSSH's defaults by adding the following two options.

I also am in favor of supporting ssh-rsa in the next release. For now, you can override OpenSSH's defaults by adding the following two options.

Code: Select all

-oHostKeyAlgorithms=+ssh-dss -oPubKeyAcceptedKeyTypes=+dsa 

According to the changelog, 6.31 supports RSA keys if you enable "strong crypto" for SSH (/ip ssh set strong-crypto=yes)

I also am in favor of supporting ssh-rsa in the next release. For now, you can override OpenSSH's defaults by adding the following two options.

Code: Select all

-oHostKeyAlgorithms=+ssh-dss -oPubKeyAcceptedKeyTypes=+dsa 

According to the changelog, 6.31 supports RSA keys if you enable "strong crypto" for SSH (/ip ssh set strong-crypto=yes)

Just upgraded to 6.31 and tested with an RSA key, seems to be working