ssh-rsa

ssh-rsa

ssh-rsa
ssh-rsa
a week ago
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.6

When i did
 

❯ ssh -p 2020 -o HostKeyAlgorithms=-ssh-rsa Dev@192.168.0.1

Unable to negotiate with 192.168.0.1 port 2020: no matching host key type found. Their offer: ssh-rsa

 

~

❯ nc 192.168.0.1 2020

SSH-2.0-dropbear

,? ???P??2*4?mcurve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2@matt.ucc.asn.aussh-rsaaes128-ctr,aes256-ctraes128-ctr,aes256-ctr hmac-sha1,hmac-sha2-256,hmac-md5 hmac-sha1,hmac-sha2-256,hmac-md5nonenone??{?Jq9


I was a little curious as to what kind of dropbear version the router is running.

Perhaps it needs to be updated?

  0      
  0      
#1
Options
2 Reply
Re:ssh-rsa
a week ago

Hi @KosmosCat 

Thanks for posting in our business forum.

SSH into the router? Use Putty.

 

And I don't think you can change the router's SSH port. 2020 is not the port of the router.

 

Besides, except for us who may enter the root mode for debugging, we do not offer any help in getting the root access. I am not quite sure what you are up to. But I have no issue with the SSH into it and config on the router.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#2
Options
Re:ssh-rsa
Monday

  @Clive_A 

 

I also have no issues ssh`ing to my router just following the tp-link documentation, no need for putty.

Thats not why I am posting here.

The reason is that sha-1 dependent signatures are depreceated but it appears that the er605 router uses just that.

 

see the below excerpt from openssh

 

OpenSSH 8.2 was released on 2020-02-14. 

Future deprecation notice
=========================

It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 hash algorithm for less than USD$50K. For this reason, we will
be disabling the "ssh-rsa" public key signature algorithm that depends
on SHA-1 by default in a near-future release.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The ssh-ed25519 signature algorithm. It has been supported in
   OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

 

 

 

  0  
  0  
#3
Options