Answers
Got a burning question about open source or the kernel? Whatever your level, email it to answers@linuxformat.com
Neil Bothwick starts his day with a big cup of computer conundrums.
Q
That not syncing feeling
I have been using grsync over SSH for years to back up some folders password-less from my main computer to a Netgear ReadyNas Duo V2 without issue. Recently, I decided to do a clean install of Linux Mint after years of rolling updates. When I re-installed grsync and created RSA keys and tried to copy them to the NAS, I started to get connection problems, with errors like:
Unable to negotiate with 192.168.1.106 port 22: no matching host key type found. Their offer: ssh-rsa
rsync: connection unexpectedly closed
Can you please give me some advice on the correct way to set it up?
Ronald Zec
A It looks like the reason the connection is failing is that later versions of OpenSSH no longer support RSA keys by default, so if they are disabled on either your computer or the NAS, you will see a message like this. You can get more information by using ssh in a terminal with verbose output: $ ssh -v user@nas
To see which key algorithms it supports, run: $ ssh -Q HostKeyAlgorithms
If you have SSH terminal access to the NAS, you can use the same command to see which ciphers it supports. Then you can use ssh-keygen to create a suitable key pair acceptable to both. If both sides say they do accept RSA, it may be that your keys are not large enough (smaller is less secure). You can see the minimum accepted size with: $ ssh -G user@nas | grep requiredrsasize
You can also check the ciphers in use at each end with: $ ssh -Q cipher
However, the best option is to use a more recent algorithm, such as ed25519, to create your keys: $ ssh-keygen -t ed25519
If your NAS only supports a type of key not enabled by default, the last resort is to enable the use of the key algorithm in either /etc/ssh/ssh_config or ~/.ssh/config. The former file sets global options, the latter is for that user only. Add this to the file, or create it if it doesn’t exist:
Host nas.your.network 192.168.1.106
    HostKeyAlgorithms +ssh-rsa
You do not need both domain name and IP address, but it doesn’t hurt. You can also add a Ciphers line if you need to specify a cipher. The + before the name means this is added to the list of supported algorithms or ciphers instead of replacing it.
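As an added example (not part of the original column), this shell function turns an OpenSSH "Unable to negotiate" error into a stanza for ~/.ssh/config, covering the cipher, key exchange and MAC variants of the same error as well as the host key case above. The function name and the sample call are constructed for illustration; the output is scoped to a single Host so the older algorithm is not enabled for every server.

```shell
#!/bin/sh
# negotiate_to_stanza ERROR_LINE [HOST_ALIAS]   (hypothetical helper name)
# Prints a per-host ssh_config block on stdout. Returns 1 if the line is not
# a negotiation failure it recognises or the offer is not a plain list.
negotiate_to_stanza() {
    line=$1
    alias_name=${2:-}

    case $line in
        "Unable to negotiate with "*". Their offer: "*) ;;
        *) return 1 ;;
    esac

    # Address the client reported, e.g. 192.168.1.106
    addr=${line#"Unable to negotiate with "}
    addr=${addr%% port *}
    # Comma-separated algorithm list offered by the server
    offer=${line##*"Their offer: "}

    # Map the failure reason to the ssh_config option that controls it
    case $line in
        *"no matching host key type found"*)       opt=HostKeyAlgorithms ;;
        *"no matching cipher found"*)              opt=Ciphers ;;
        *"no matching key exchange method found"*) opt=KexAlgorithms ;;
        *"no matching MAC found"*)                 opt=MACs ;;
        *) return 1 ;;
    esac

    # Only accept characters that can appear in an address or algorithm
    # list, so a pasted line cannot smuggle extra config directives in.
    case $addr in
        ""|*[!A-Za-z0-9.:_-]*) return 1 ;;
    esac
    case $offer in
        ""|*[!A-Za-z0-9@.,_+-]*) return 1 ;;
    esac

    printf 'Host %s\n' "${alias_name:+$alias_name }$addr"
    # The leading + appends to the default list instead of replacing it
    printf '    %s +%s\n' "$opt" "$offer"
}

# Constructed sample call using the error quoted in the question
negotiate_to_stanza "Unable to negotiate with 192.168.1.106 port 22: no matching host key type found. Their offer: ssh-rsa" nas.your.network
```

Review the printed block before appending it to ~/.ssh/config, and remove it once the NAS accepts a newer key type.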