DSA SSH Hostkeys
(2017-05-25)
Problem
I have a stone-age host monitor thing that is complaining that it can't find agreeable SSH host keys from my CentOS 7 server. Turns out it requires DSA host keys and won't use the other host keys that are available. CentOS 7 by default does not generate DSA host keys because DSA is old and busted.
Solution
In /etc/ssh/sshd_config:
HostKey /etc/ssh/ssh_host_dsa_key
Run:
# ssh-keygen -t dsa -N '' -f /etc/ssh/ssh_host_dsa_key
# chgrp ssh_keys /etc/ssh/ssh_host_dsa_key
# systemctl restart sshd
Search Engine Bait
Protocol Error: can not agree hostkey