Solved: ssh error no hostkey alg in Linux in RHEL 9 and in older versions.

By default, older hosts cannot connect over SSH directly to a RHEL 9 system.

Support for these connections is disabled by default.

To enable it, we need to update the system-wide crypto policy.

I. Error Message

[root@ngelinux001 ssh]# ssh RHEL9HOST
no hostkey alg


II. Solution in case of RHEL 9

[root@ngelinux001 ssh]# update-crypto-policies --set DEFAULT:SHA1
Setting system policy to DEFAULT:SHA1
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
[root@ngelinux001 ssh]#


III. Solution in case of older RHEL Versions

a. First Verify Permissions:
[root@ngelinux001 ssh]# ls -la /etc/ssh/ssh_host_*
-rw------- 1 root root 668 Feb 17 2017 /etc/ssh/ssh_host_dsa_key
-rw-r--r-- 1 root root 590 Feb 17 2017 /etc/ssh/
-rw------- 1 root root 963 Feb 17 2017 /etc/ssh/ssh_host_key
-rw-r--r-- 1 root root 627 Feb 17 2017 /etc/ssh/
-rw------- 1 root root 1675 Feb 21 11:48 /etc/ssh/ssh_host_rsa_key
-rw-r--r-- 1 root root 399 Feb 21 11:48 /etc/ssh/

b. Generate a new DSA key pair if one does not exist.

cd /etc/ssh
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key

c. Reference the new DSA key pair in the sshd configuration
vi /etc/ssh/sshd_config
Uncomment this line:
HostKey /etc/ssh/ssh_host_dsa_key

d. Change the group and restart the sshd service
chgrp ssh_keys /etc/ssh/ssh_host_dsa_key
service sshd restart

Now retry the connection from the older client; it should connect.
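
Added example (not part of the original article): the checks from steps a and d can be scripted instead of reading `ls -la` output by eye. `audit_host_keys` is a hypothetical helper; it assumes GNU `stat` and treats group read as acceptable because step d assigns the key to the `ssh_keys` group.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes GNU stat (as on RHEL).
# audit_host_keys is a hypothetical helper name.

# audit_host_keys [DIR] [OWNER_UID]
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_host_keys() {
    dir=${1:-/etc/ssh}
    owner=${2:-0}
    bad=0
    for f in "$dir"/ssh_host_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac   # only private halves are audited
        mode=$(stat -c '%a' "$f")
        uid=$(stat -c '%u' "$f")
        # Private key: no bits for "other", at most read for group
        # (group read covers the ssh_keys group assigned in step d).
        if [ $(( 0$mode & 037 )) -ne 0 ]; then
            echo "FAIL $f: mode $mode is too open (want 600 or 640)"
            bad=1
        fi
        if [ "$uid" != "$owner" ]; then
            echo "FAIL $f: owner uid $uid, expected $owner"
            bad=1
        fi
        if [ ! -f "$f.pub" ]; then
            echo "FAIL $f: no matching public key $f.pub"
            bad=1
        fi
    done
    return $bad
}

# Demo on constructed empty files (not real keys) in a scratch directory.
demo() {
    d=$(mktemp -d)
    : > "$d/ssh_host_rsa_key";     chmod 600 "$d/ssh_host_rsa_key"
    : > "$d/ssh_host_rsa_key.pub"; chmod 644 "$d/ssh_host_rsa_key.pub"
    : > "$d/ssh_host_dsa_key";     chmod 644 "$d/ssh_host_dsa_key"  # too open, no .pub
    audit_host_keys "$d" "$(id -u)"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "demo: problems found, as constructed"
```

On a real host, run `audit_host_keys /etc/ssh` as root before restarting sshd.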