ssh-rsa
When i did
❯ ssh -p 2020 -o HostKeyAlgorithms=-ssh-rsa Dev@192.168.0.1
Unable to negotiate with 192.168.0.1 port 2020: no matching host key type found. Their offer: ssh-rsa
~
❯ nc 192.168.0.1 2020
SSH-2.0-dropbear
,? ???P??2*4?mcurve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2@matt.ucc.asn.aussh-rsaaes128-ctr,aes256-ctraes128-ctr,aes256-ctr hmac-sha1,hmac-sha2-256,hmac-md5 hmac-sha1,hmac-sha2-256,hmac-md5nonenone??{?Jq9
I was a little curious as to what kind of dropbear version the router is running.
Perhaps it needs to be updated?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @KosmosCat
Thanks for posting in our business forum.
SSH into the router? Use Putty.
And I don't think you can change the router's SSH port. 2020 is not the port of the router.
Besides, except for us who may enter the root mode for debugging, we do not offer any help in getting the root access. I am not quite sure what you are up to. But I have no issue with the SSH into it and config on the router.
- Copy Link
- Report Inappropriate Content
I also have no issues ssh`ing to my router just following the tp-link documentation, no need for putty.
Thats not why I am posting here.
The reason is that sha-1 dependent signatures are depreceated but it appears that the er605 router uses just that.
see the below excerpt from openssh
OpenSSH 8.2 was released on 2020-02-14. Future deprecation notice ========================= It is now possible[1] to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release. This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs. The better alternatives include: * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been supported since OpenSSH 7.2 and are already used by default if the client and server support them. * The ssh-ed25519 signature algorithm. It has been supported in OpenSSH since release 6.5. * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These have been supported by OpenSSH since release 5.7. To check whether a server is using the weak ssh-rsa public key algorithm for host authentication, try to connect to it after removing the ssh-rsa algorithm from ssh(1)'s allowed list: ssh -oHostKeyAlgorithms=-ssh-rsa user@host
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 195
Replies: 2
Voters 0
No one has voted for it yet.