Another problem when using ssh from macOS Ventura to an ancient server

Symptoms

The remote end runs OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

ssh fails with the error

no matching host key type found. Their offer: ssh-rsa,ssh-dss

After adding the following to the ssh config

HostKeyAlgorithms +ssh-rsa

it still fails with

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

The secure log on the remote end shows

Jul 31 11:46:53 sshd[11845]: error: ssh_rsa_verify: cannot handle type rsa-sha2-512
Jul 31 11:46:53 sshd[11845]: error: cert_parse: Certificate signature verification failed
Jul 31 11:46:53 sshd[11845]: error: key_from_blob: can't parse cert data
Jul 31 11:46:53 sshd[11845]: error: userauth_pubkey: cannot decode key: ssh-rsa-cert-v01@openssh.com

The following also needs to be added to the ssh config

PubkeyAcceptedKeyTypes +ssh-rsa

Summary

The following two settings need to be added

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
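
Both settings re-enable the SHA-1 based ssh-rsa signature algorithm, so they are best placed under a Host block for the old server only; written at the top of the file or under Host * they apply to every connection. The check below is an added example, not part of the original post: it scans ssh config text and reports where a legacy algorithm is enabled without being scoped to a named host (the sample config and the host name legacy-box are constructed).

```python
import re

# Client options that decide which signature algorithms are accepted/offered.
# PubkeyAcceptedAlgorithms is the OpenSSH 8.5+ name; PubkeyAcceptedKeyTypes
# (used in the post) remains an alias.
ALGO_KEYWORDS = {"hostkeyalgorithms", "pubkeyacceptedkeytypes",
                 "pubkeyacceptedalgorithms"}
LEGACY = {"ssh-rsa", "ssh-dss"}  # RSA with SHA-1 signatures, and DSA

# Constructed sample config (hostnames are placeholders, not from the post).
SAMPLE = """\
# global section: applies to every host
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

Host legacy-box
    HostName legacy.example.internal
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa

Host *
    PubkeyAcceptedAlgorithms=+ssh-rsa,ssh-dss
"""

def _is_broad(scope):
    kind, *patterns = scope.split()
    return (kind == "<global>" or (kind == "host" and "*" in patterns)
            or (kind == "match" and patterns == ["all"]))

def audit_ssh_config(text):
    """Return (line_no, scope, keyword, algos) wherever a legacy algorithm is
    enabled globally or under a catch-all block instead of one named host."""
    findings, scope = [], "<global>"   # options before the first Host apply to all
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # ssh_config accepts "Keyword value" and "Keyword=value"
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword in ("host", "match"):
            scope = f"{keyword} {value}"
        elif keyword in ALGO_KEYWORDS and not value.startswith("-"):
            algos = sorted(LEGACY & set(value.lstrip("+^").split(",")))
            if algos and _is_broad(scope):
                findings.append((no, scope, keyword, algos))
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE):
        print(finding)
```

The entries under Host legacy-box are not reported, which is the scoping to aim for.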