Config to have "ssh too-old-host" error out (with chosen message, and sans actual connection attempt)?
Brian Candler
b.candler at pobox.com
Mon Jun 30 22:34:06 AEST 2025
On 30/06/2025 13:14, Jochen Bern wrote:
> What I've seen getting *specifically* refused is my local ssh-agent
> signing with the older (and shorter, 4kb) RSA keypair, but that
> doesn't seem to explain *all* the now-failing connections, either
That's a 4096-bit RSA key pair? Can you show the error message?

If it's not fixed by

    PubkeyAcceptedAlgorithms +ssh-rsa
    HostKeyAlgorithms +ssh-rsa

then I don't know what the issue might be.

The other settings I sometimes need to apply for very old network
devices are

    KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    Ciphers +aes256-cbc,3des-cbc
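
Added example, not part of the original message: a shell function that reads the effective client configuration printed by `ssh -G <host>` and lists which of the legacy algorithms named in this message are enabled for that host, so you can confirm the overrides apply only to the old devices that need them. The function name, the LEGACY variable and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ssh -G <host>` output for the legacy algorithms
# mentioned in this message. Names below (LEGACY, legacy_enabled, SAMPLE)
# are hypothetical, chosen for this illustration.

# "keyword:algorithm" pairs, using the lowercase keywords `ssh -G` prints.
LEGACY='pubkeyacceptedalgorithms:ssh-rsa hostkeyalgorithms:ssh-rsa
kexalgorithms:diffie-hellman-group1-sha1 kexalgorithms:diffie-hellman-group14-sha1
ciphers:aes256-cbc ciphers:3des-cbc'
LEGACY=$(printf '%s' "$LEGACY" | tr '\n' ' ')

# Read `ssh -G` output on stdin; print "keyword algorithm" for every legacy
# pair that is enabled. Entries are matched exactly after splitting the
# comma-separated list, so rsa-sha2-512 is never mistaken for ssh-rsa.
legacy_enabled() {
    awk -v legacy="$LEGACY" '
        BEGIN {
            n = split(legacy, pairs, " ")
            for (i = 1; i <= n; i++) want[pairs[i]] = 1
        }
        {
            key = tolower($1)
            m = split($2, algos, ",")
            for (j = 1; j <= m; j++)
                if ((key ":" algos[j]) in want) print key, algos[j]
        }'
}

# Constructed sample in the shape of `ssh -G old-switch` output (shortened).
SAMPLE='hostname old-switch
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1
ciphers chacha20-poly1305@openssh.com,aes256-ctr,3des-cbc
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,ssh-rsa
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512'

printf '%s\n' "$SAMPLE" | legacy_enabled

# Real use (requires an OpenSSH client):
#   ssh -G somehost | legacy_enabled
```

An empty result for a modern host and a non-empty one only for the old devices indicates the `+` overrides are scoped per host rather than applied globally.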