NimbostratusHi,
I recently upgraded my Big-IP from 11.6 HF6 to 12.1 successfully. However, I am not able anymore to execute scp commands which I used to transfer my ucs backups remotely. Any attempt always end up with a "no hostkey alg" error. I tried many different things like regenerating rsa and dsa keys like I always do after an upgrade, but as of today have been unsuccessful...
Any advice someone ?
Thanks, Pascal.
CirrocumulusTry this...
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
NimbostratusThanks, but tried that already, with no success. There was no ssh folder under /etc by the way...
CirrusTry this...
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
NimbostratusThanks, but tried that already, with no success. There was no ssh folder under /etc by the way...
NimbostratusNot sure that can help but, but here is a verbose output for the scp :
NimbostratusRan into this same issue and we were also using Bitvise SSH Server.
Beginning in BIG-IP 12.1.0, the BIG-IP system no longer supports DSA keys for SSH connections (as it is using OpenSSL 7.0).
https://support.f5.com/kb/en-us/solutions/public/k/40/sol40220910.html
The problem for us was with the host key that the SSH server was presenting, not the keys that were generated on the F5 for authentication. The Bitvise SSH Server was presenting a DSA host key, which is no longer supported.
Fix was to generate a new Host key from within Bitvise Control Panel (Manage Host Keys --> Generate New --> Employ) using the RSA Algorithm.
You may also need to clear the existing host key on the F5 by removing the relevant entries (or deleting the whole file) from /root/.ssh/known_hosts
NimbostratusHi Stuart, just forgot to put an update on that case, but that is exactly what I did too to fix that issue :)
Thanks, Have a good one,
Pascal.