Package: ruby-net-ssh Version: 1:6.1.0-2 Severity: normal Hi,
net-ssh fails to connect to OpenSSH 8.8 and later. This means that we cannot connect to Debian 'testing' machines. The problem is twofold: 1/ ssh-rsa was removed as a host key algorithm, so net-ssh fails to negotiate such an algorithm with the following error message: /usr/share/rubygems-integration/all/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:407:in `negotiate': could not settle on host_key algorithm (Net::SSH::Exception) Server host_key preferences: rsa-sha2-512,rsa-sha2-256 Client host_key preferences: ssh-ed25519-cert-...@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa This was tracked upstream in https://github.com/net-ssh/net-ssh/issues/712, and fixed in 6.2.0~beta1. I just updated the package in unstable to 6.3.0~beta1, so this part is fixed. 2/ ssh-rsa was also removed as a public key auth algorithm. when connecting, this results in this error server-side (in auth.log): userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] This can be worked around server-side by adding PubkeyAcceptedKeyTypes=+ssh-rsa in sshd_config This is tracked upstream as https://github.com/net-ssh/net-ssh/issues/836 fixed by this MR: https://github.com/net-ssh/net-ssh/pull/838 I looked into backporting this to the Debian package, but this is painful because there has been a coding style change in the meantime... Lucas
