View Single Post
  #3  
Old 07-08-2015, 01:34 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,636
Hi cwstevens,

In looking at the differences in the traces/logs, this seems that it may be the issue:

SecureCRT:
[LOCAL] : Available Remote Host Key Algos = ssh-rsa,ssh-dss
[LOCAL] : Selected Host Key Algo = ssh-dss

OpenSSH:
debug1: Server host key: RSA 70:2f:16:60:53:06:fa:95:29:0c:e0:a7:cc:a8:82:1b
debug1: Host '10.1.1.237' is known and matches the RSA host key.


When SecureCRT connects, the remote server seems to falsely advertise that it supports the DSA (ssh-dss) algorithm for host keys. In fact, the SSH protocol (RFC 4253) *requires* that ssh-dss be supported for host keys (see section 6.6). Therefore, we ask that you please report this issue also to the admin of the remote server.

You should be able to work around the issue by configuring SecureCRT to prefer RSA rather than DSA host keys. You will need to modify two session INI file options. If this is something you need for all future sessions, you can make the change to the Default.ini file.

Session INI files (and Default.ini) are stored in the Sessions subfolder of the configuration folder. The location of your installation's Configuration folder is found in the General / Configuration Paths category of SecureCRT's Global Options.

D:"Use Global Host Key Algorithms"=00000001

To:
D:"Use Global Host Key Algorithms"=00000000

And

S:"Host Key Algorithms"=ssh-dss,ssh-rsa,null,x509v3-sign-rsa,x509v3-sign-dss

To:
S:"Host Key Algorithms"=ssh-rsa,ssh-dss,null,x509v3-sign-rsa,x509v3-sign-dss

Note that the list of algorithms may differ from above. What is important is that it is changed so that ssh-rsa appears *first*.

To edit a session's INI file:
  1. Close all instances of SecureCRT. If changes are made to the session's INI file while SecureCRT is running, the changes made will be undone when SecureCRT is restarted.
  2. Edit the session's INI file (modify lines as shown above).
  3. Save changes made to the session's INI file and start SecureCRT.
Note: If you use the /F command-line option in the target of the shortcut used to launch SecureCRT, then the path to the Config folder will be different than the path in step 2 above.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote