Cannot connect to older 18.06 OpenWrt devices with RSA key

We have some older devices that only support 18.06.9 & we cannot connect via ssh-rsa keys to them from modern Linux clients like Fedora 36 or Ubuntu 22.04. We get:

send_pubkey_test: no mutual signature algorithm

even if we use

-o PubkeyAcceptedKeyTypes=ssh-rsa

I made a test from an Ubuntu 20.04 container & it worked with the same RSA key, so I'm presuming that's an issue with outdated/incompatible openssh protocols. Is there any way to get around this problem - our Ubuntu 22.04 Checkmk server needs to connect to these clients via ssh.

It would actually be preferable if there were a way to add ed25519 to 18.06 - we connect to our 22.03 routers with ed25519 - I just tried with an RSA key because the ed25519 wouldn't work.

You need to either update to newer generated keys or downgrade your ssh protections on your server. RSA-SHA1 is deprecated and removed due to security vulnerabilities.

OpenWrt's dropbear client doesn't support ed25519 till version 21.

So either you will have to upgrade dropbear on the older routers and upgrade the keys, or enable your server to use the old RSA-SHA1 connections with their vulnerabilities.

You can set specific client connection protocols to minimise your exposure.

Ideally upgrading your routers to the newer OpenWrt releases would give you ed25519 keys and update your security for those routers. This would be what I'd do.

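One way to limit the exposure the reply above describes, as an added example that is not part of the original thread: re-enable the SHA-1 RSA signature algorithm in the client's `~/.ssh/config` only for the legacy devices instead of for every host. The host pattern, user and key path are hypothetical placeholders; `PubkeyAcceptedAlgorithms` is the option name in OpenSSH 8.5 and later.

```sshconfig
# Too broad: re-enables ssh-rsa (RSA with SHA-1) for every host this
# client talks to, including hosts that support stronger algorithms.
# Host *
#     PubkeyAcceptedAlgorithms +ssh-rsa
#     HostKeyAlgorithms +ssh-rsa

# Scoped: only the legacy 18.06 devices get the exception.
# "legacy-owrt-*.example.net" is a hypothetical naming pattern.
Host legacy-owrt-*.example.net
    User root
    # Let the client offer ssh-rsa signatures for public-key auth.
    PubkeyAcceptedAlgorithms +ssh-rsa
    # Accept an ssh-rsa host key; assumption: the device offers no other type.
    HostKeyAlgorithms +ssh-rsa
    # Offer only the dedicated key for these devices (hypothetical path).
    IdentityFile ~/.ssh/id_rsa_legacy_owrt
    IdentitiesOnly yes

# Everything else keeps the distribution defaults, so current routers
# continue to use ed25519. ssh_config uses the first value it finds for
# each option, so this general block goes after the specific one.
Host *
    IdentityFile ~/.ssh/id_ed25519
```

Running `ssh -G <hostname>` prints the effective options for a given host, which confirms that `ssh-rsa` appears only for names matching the legacy pattern.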

Unfortunately the concerned routers can't be upgraded but your solution worked - thanks!
