By default, in RHEL 9, the older hosts can’t do the ssh directly.
This is disabled by default.
To enable this we need to update the crypto policies.
I. Error Message
[root@ngelinux001 ssh]# ssh RHEL9HOST no hostkey alg
II. Solution in case of RHEL 9
[root@ngelinux001 ssh]# update-crypto-policies --set DEFAULT:SHA1 Setting system policy to DEFAULT:SHA1 Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. [root@ngelinux001 ssh]#
III. Solution in case of older RHEL Versions
a. First Verify Permissions:
[root@ngelinux001 ssh]# ls -la /etc/ssh/ssh_host_*
-rw------- 1 root root 668 Feb 17 2017 /etc/ssh/ssh_host_dsa_key
-rw-r--r-- 1 root root 590 Feb 17 2017 /etc/ssh/ssh_host_dsa_key.pub
-rw------- 1 root root 963 Feb 17 2017 /etc/ssh/ssh_host_key
-rw-r--r-- 1 root root 627 Feb 17 2017 /etc/ssh/ssh_host_key.pub
-rw------- 1 root root 1675 Feb 21 11:48 /etc/ssh/ssh_host_rsa_key
-rw-r--r-- 1 root root 399 Feb 21 11:48 /etc/ssh/ssh_host_rsa_key.pub
b. Generate new DSA keypair in case it does not exists.
cd /etc/ssh
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
c. Mention new DSA key pair
vi /etc/ssh/sshd_config
Uncomment this line:
HostKey /etc/ssh/ssh_host_dsa_key
d. Change group and restart SSHD service
chgrp ssh_keys ssh_host_dsa_key
service sshd restart
Now you can retry the connection with the older client and check it should connect now.
