Putty works, ssh does not

This is a new installation of OpenWrt (no ssh keypair). I am able to putty to it and log in, but ssh from Windows or Linux does not work. I get the following error:

ssh -v 192.168.1.1
OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/jrt/.ssh/config
debug1: /home/jrt/.ssh/config line 70: Applying options for 192.168.1.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/jrt/.ssh/id_rsa type 0
debug1: identity file /home/jrt/.ssh/id_rsa-cert type -1
debug1: identity file /home/jrt/.ssh/id_ecdsa type -1
debug1: identity file /home/jrt/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/jrt/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/jrt/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/jrt/.ssh/id_ed25519 type -1
debug1: identity file /home/jrt/.ssh/id_ed25519-cert type -1
debug1: identity file /home/jrt/.ssh/id_ed25519_sk type -1
debug1: identity file /home/jrt/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/jrt/.ssh/id_xmss type -1
debug1: identity file /home/jrt/.ssh/id_xmss-cert type -1
debug1: identity file /home/jrt/.ssh/id_dsa type -1
debug1: identity file /home/jrt/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
debug1: Remote protocol version 2.0, remote software version dropbear
debug1: compat_banner: no match: dropbear
debug1: Authenticating to 192.168.1.1:22 as 'root'
debug1: load_hostkeys: fopen /home/jrt/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa

Any help would be appreciated.

$ ssh-keygen -f ".ssh/known_hosts" -R "192.168.1.1"
Host 192.168.1.1 not found in .ssh/known_hosts

Normally, a new line would be added to the known_hosts file and ssh would connect. ssh is not adding the line for 192.168.1.1 (probably because the connection is not being made.)

.ssh/known_hosts is editable and owned by me.

I have done this a million times for other hosts, but for some reason this one is killing me.

What even is the point of that command?
Can't you just delete the line in a text editor?

Did ssh even ask you to save the fingerprint of the host?
From the logs it seems not, so you are not even at that part. And why? Because the host used outdated RSA algorithms, while your OpenSSH clients don't use those anymore by default because of security concerns and instead default to elliptic curve algos.

You have to allow them manually. Google is your friend. It's basically something like -o allowedcipherbla rsa.

Putty uses its own crypto stack, hence it works there. It doesn't disable those algos by default.

# ~/.ssh/config
Host 192.168.1.1
    User                        root
    HostKeyAlgorithms           +ssh-rsa

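An added example, not part of any post in this thread: a small Python helper that reads `ssh -v` output, finds the negotiation failure line, and emits a per-host stanza like the one above. It goes beyond the thread's case by also covering key exchange, cipher and MAC mismatches; the function names and the `allow` list are assumptions of this example, and the sample log is constructed from the output quoted in the first post.

```python
import re

# Phrase in OpenSSH's negotiation error -> ssh_config option for that class.
OPTION_FOR = {
    "host key type": "HostKeyAlgorithms",
    "key exchange method": "KexAlgorithms",
    "cipher": "Ciphers",
    "MAC": "MACs",
}

FAILURE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching (?P<kind>.+?) found\. Their offer: (?P<offer>\S+)"
)

# Constructed sample: the tail of the `ssh -v` output quoted in the thread.
SAMPLE_LOG = """\
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa
"""

def parse_failure(log):
    """Return (host, port, kind, offered_algorithms), or None if no failure line."""
    m = FAILURE.search(log)
    if m is None:
        return None
    return m["host"], int(m["port"]), m["kind"], m["offer"].split(",")

def scoped_stanza(host, kind, offered, allow):
    """Build a Host block re-enabling only offered algorithms present in `allow`.

    `allow` is the operator's own list of legacy algorithms they accept
    (an assumption of this example); nothing outside it is ever enabled.
    """
    option = OPTION_FOR.get(kind)
    if option is None:
        raise ValueError(f"no ssh_config option known for {kind!r}")
    chosen = [alg for alg in offered if alg in allow]
    if not chosen:
        raise ValueError("server offers nothing on the allow list")
    # '+' appends to the client's defaults instead of replacing them.
    return f"Host {host}\n    {option} +{','.join(chosen)}\n"

if __name__ == "__main__":
    host, _port, kind, offered = parse_failure(SAMPLE_LOG)
    print(scoped_stanza(host, kind, offered, allow={"ssh-rsa"}), end="")
```

Keeping the option inside a `Host` block limits the legacy algorithm to that one device instead of enabling it for every connection.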

that did the trick! thanks for your help

I like what you did with those stacked quotes. :sweat_smile:

I just hope he learns for the next time to read the error message or at least use Google before asking.

Because now you have given him a finished solution and he is none the wiser.

I have seen people working in IT, calling themselves programmers, getting far above median salary and I still have to read, dance and sing man pages to them. But it still pays the rent :slight_smile:
So I don't have issues pointing out obvious facts.
Besides that I think he learned his lesson.
