networking:ssh

Differences

This shows you the differences between two versions of the page.

networking:ssh [2020/05/24 10:08] – created bstaffordnetworking:ssh [2024/07/29 09:28] (current) – [ByPass Legacy Ciphers] bstafford
Line 40: Line 40:
 To list the key in the format shown by PuTTY, use To list the key in the format shown by PuTTY, use
 <code>ssh-keygen -l -E md5 -f /etc/ssh/ssh_host_rsa_key.pub</code> <code>ssh-keygen -l -E md5 -f /etc/ssh/ssh_host_rsa_key.pub</code>
 +Show all
 +<code>for file in /etc/ssh/*_key.pub; do ssh-keygen -lf $file; done</code>
 +
 +Determine the fingerprint of the RSA host key
 +<code>ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub</code>
 +
 +Determine the fingerprint of the ED25519 host key
 +<code>ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub</code>
 +
 +Determine the fingerprint of the ECDSA host key
 +<code>ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub</code>
  
 =====Fix SSH Key Generation Problem in CentOS 6===== =====Fix SSH Key Generation Problem in CentOS 6=====
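Review bot: In the added "Show all" loop, $file is expanded unquoted (ssh-keygen -lf $file), so a path containing whitespace or glob characters would be split or expanded by the shell; write ssh-keygen -lf "$file". The three per-key commands that follow repeat what the loop already prints and could be reduced to one sentence telling the reader to substitute the key file name. The added commands also drop the -E md5 used in the context line above, so the text should say which fingerprint hash their output uses and that it may not match what PuTTY displays.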
Line 66: Line 77:
 <code>ssh-keygen -f private.pem -y > public.pub</code> <code>ssh-keygen -f private.pem -y > public.pub</code>
  
 +===== Copy over Public Key =====
 +To enable passwordless login, you must copy over your public key to the other sever
 +<code>ssh-copy-id remote_username@server_ip_address</code>
 +===== Ignore Warning =====
 +<code>ssh -q -o "StrictHostKeyChecking no" admin@192.168.1.1</code>
 +===== ByPass Legacy Ciphers =====
 +I had to do this to access a Cisco switch.
 +
 +Add the following to the SSH command.
 +
 +<code>-oKexAlgorithms=+diffie-hellman-group1-sha1</code>
 +
 +You can also add the following to ''.ssh/config''
 +<code>Host x.x.x.x
 +    KexAlgorithms +diffie-hellman-group1-sha1</code>
 +    
 +=====Unable to Negotiate  =====
 +I found the following when trying to SSH from Ubuntu 22.04.4 to Palo Alto Networks Firewall running PAN-OS 11.0.0
 +<code>Unable to negotiate with <IP> port 22: no matching host key type found. Their offer: ssh-rsa,ssh-rsa,ssh-rsa</code>
 +
 +To make it work, I had to add the following at the end of the SSH command in Ubuntu
 +<code>-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa</code>
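Review bot: The "Ignore Warning" section adds ssh -q -o "StrictHostKeyChecking no" with no explanation. That option turns off host key verification and -q suppresses the warnings, so the section should state what check is being skipped and when that is acceptable, or point to the fingerprint commands earlier on the page as the way to verify the host key instead. In "Unable to Negotiate", -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa is given only as a command-line addition; a per-host block in ''.ssh/config'', as already shown for KexAlgorithms just above, would keep the legacy algorithm limited to that one device. Minor: diffie-hellman-group1-sha1 is a key exchange algorithm rather than a cipher, so the "ByPass Legacy Ciphers" heading is misleading, and "sever" in "Copy over Public Key" should be "server".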
networking/ssh.1590314892.txt.gz · Last modified: (external edit)