SSH into RAK7258 not working

jpmeijers · May 19, 2020, 7:33am

Issue: Can not SSH into gateway because of legacy key options.

jpmeijers@jpmeijers-XPS13-9333:~$ ssh [email protected]
Unable to negotiate with 192.168.2.16 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,[email protected]

From https://www.openssh.com/legacy.html one can see there is a way to allow legacy options. Ex:

jpmeijers@jpmeijers-XPS13-9333:~$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 [email protected]
The authenticity of host '192.168.2.16 (192.168.2.16)' can't be established.
RSA key fingerprint is SHA256:ObPCXOKIh3lDkOFkMHQulxp4S+lZ7NLpve0exNuuus4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.2.16' (RSA) to the list of known hosts.
[email protected]'s password: 


BusyBox v1.23.2 (2020-03-13 16:38:31 CST) built-in shell (ash)


 -----------------------------------------------------
        LoraWAN Gateway (1.1.0062_Release r202 20200313)
 -----------------------------------------------------
root@RAK7258:~#

Charles · November 20, 2020, 3:33pm

Dear @jpmeijers
got the same issue, the copy-id works fine but unable to log with keys

charles@mac-office:html$ ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/charles/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added 192.168.230.1 (RSA) to the list of known hosts.
[email protected] s password: 

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh [email protected]"
and check to make sure that only the key(s) you wanted were added.

charles@mac-office:html$ ssh [email protected]
Warning: Permanently added 192.168.230.1 (RSA) to the list of known hosts.
[email protected]'s password: 

BusyBox v1.23.2 (2020-07-01 09:37:57 CST) built-in shell (ash)

The option you mention does not works either on my side

charles@mac-office:html$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 [email protected]
Warning: Permanently added '192.168.230.1' (RSA) to the list of known hosts.
[email protected]'s password:

Did you find another workaround?

Charles · November 20, 2020, 3:38pm

Ok,

just looked into dropbear direction, here is the correct way to add your key, not with ssh-copyid

issue the following command (from the computer you want to access GW from) and change the GW ip of course if it’s different

ssh [email protected] "tee -a /etc/dropbear/authorized_keys" < ~/.ssh/id_rsa.pub

All is now fine