29 September 2023

25 September 2023

Impact of the new OpenSSH 9.3p1 on Solaris 11.4.60

When connecting to an old server you may see:

-bash-5.2$ ssh g0083
Unable to negotiate with port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

or, if you try to connect from an old system to Solaris 11.4.60 or newer:

-bash-4.4$ ssh g0049
no hostkey alg

This is because the new OpenSSH version on Solaris 11.4.60 has SHA-1 based signatures (the ssh-rsa algorithm) disabled by default.
It is recommended to update your old systems to newer versions.

On Solaris 11.3 you need to:
pkg install openssh
pkg set-mediator -I openssh ssh

If this is not possible, as a workaround you can enable SHA-1 on the new Solaris server
for the target systems only, in /etc/ssh/ssh_config and/or sshd_config:

Host g0083
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
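
A check for the "target systems only" advice above, as an added example that is not part of the original post: the helper audit_sha1_scope (a hypothetical name) reads ssh_config text and reports whether each ssh-rsa/ssh-dss re-enablement is limited to named hosts or applies to every connection. The sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report where ssh_config text
# re-enables the SHA-1 based ssh-rsa / ssh-dss algorithms, and whether each
# setting is limited to named hosts or applies to every connection.
# audit_sha1_scope is a hypothetical helper name.
audit_sha1_scope() {
    # Reads the files given as arguments, or stdin when there are none.
    # Exit status is 1 if any finding has GLOBAL scope.
    awk '
    BEGIN { scope = "GLOBAL" }              # settings before any Host block
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        gsub(/=/, " ")                      # accept "Keyword=value" as well
        key = tolower($1)                   # keywords are case-insensitive
        if (key == "host" || key == "match") {
            who = $2
            for (i = 3; i <= NF; i++) who = who " " $i
            scope = "SCOPED(" who ")"
            # "Host *" and "Match all" cover every destination
            # (simplification: other Match criteria are treated as scoped).
            if (key == "match" && tolower($2) == "all") scope = "GLOBAL"
            if (key == "host")
                for (i = 2; i <= NF; i++) if ($i == "*") scope = "GLOBAL"
            next
        }
        if (key != "hostkeyalgorithms" && key != "pubkeyacceptedalgorithms" &&
            key != "pubkeyacceptedkeytypes") next
        if ($2 ~ /^-/) next                 # "-ssh-rsa" removes, not enables
        if ($2 ~ /ssh-rsa|ssh-dss/) {
            printf "%s line %d: %s %s\n", scope, FNR, $1, $2
            if (scope == "GLOBAL") bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample configuration for the demonstration below.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real system
HostKeyAlgorithms +ssh-rsa
Host g0083
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
Host *
    PubkeyAcceptedAlgorithms=+ssh-rsa,ssh-dss
EOF
}

sample_config | audit_sha1_scope || echo "SHA-1 algorithms enabled for all hosts"
```

This covers client-side ssh_config syntax only; sshd_config has no Host keyword and scopes settings with Match instead.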