Host_A: Ubuntu 18.04.6 LTS, PHP v7.2, OpenSSH v7.6
Host_B: Ubuntu 22.04.5 LTS, OpenSSH v8.9
I'm trying to establish an SSH connection to a remote server (let's call it "Host_B") via PHP's SSH2 extension to execute some commands remotely. "Host_A" would be the server which I am trying to connect from. When I try to connect to Host_B, it always fails with:
ssh2_connect(): Error starting up SSH connection(-5): Unable to exchange encryption keys
ssh2_connect(): Unable to connect to [Host_B]
Also: the following message can be read from the ssh logs from Host_B:
sshd[###]: Unable to negotiate with [Host_A] port 55466: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
Note: These error messages arise when trying to authenticate with plain password via ssh2_auth_password as well as with ssh2_auth_pubkey_file (which makes total sense, considering how the error already occurs on ssh2_connect, which happens before either of the two authentication methods). Just wanted to clarify.
What I suppose happened here, is that OpenSSH on Host_B refused the connection, because there is no secure algorithm which is supported by both the SSH2 extension by PHP on Host_A and OpenSSH on Host_B.
As of now, it seems that the only two algorithms supported by PHP's SSH2 extension (even in the latest versions), as stated by PHP documentation, are ssh-rsa and ssh-dss. But both of these algorithms are deprecated and disabled by default in OpenSSH as of version 8.8.
As OpenSSH declared both of these algorithms insecure, I don't just want to re-enable them in some config and use them as if nothing is wrong with that.
What are my options here? Should this not be a concern?
The PHP docs also state the following for the hostkeys:
Supported Values are dependent on methods supported by underlying library. See » libssh2 documentation for additional information.
Under the libssh2 docs one can find modern algorithms like ssh-ed25519. But when trying:
ssh2_connect('Host_B', [Port], ['hostkey' => 'ssh-ed25519'])
I get the following PHP error:
ssh2_connect(): Failed overriding HOSTKEY method
The PHP docs tell you that you need to upgrade the version of libssh2. ssh-ed25519 was added in version 1.9.0. However, as Ubuntu 18 is no longer supported, you may need to compile the lib yourself.
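
One way to act on the answer above, as an added example that is not part of the original question or answer: check the libssh2 version the ssh2 extension reports, offer only ssh-ed25519, then confirm what was negotiated and compare the host key fingerprint against a pinned value. HOST, PORT, PINNED_SHA1 and the function names are placeholders chosen for this sketch.

```php
<?php
// Added example. HOST, PORT and PINNED_SHA1 are placeholders, not values from the page.
const HOST = 'host-b.example';
const PORT = 22;
const PINNED_SHA1 = '0000000000000000000000000000000000000000'; // placeholder
// ssh-ed25519 needs libssh2 >= 1.9.0 (version stated in the answer above).
const MIN_LIBSSH2 = '1.9.0';

// Read the "libssh2 version" row that the ssh2 extension prints in phpinfo().
// Assumption: this row reflects the library the extension actually uses.
function libssh2_version(): ?string
{
    if (!extension_loaded('ssh2')) {
        return null;
    }
    ob_start();
    (new ReflectionExtension('ssh2'))->info();
    $info = strip_tags((string) ob_get_clean());
    return preg_match('/libssh2 version\D*([\d.]+)/i', $info, $m) ? $m[1] : null;
}

function connect_ed25519(string $host, int $port, string $pinnedSha1)
{
    $version = libssh2_version();
    if ($version === null || version_compare($version, MIN_LIBSSH2, '<')) {
        throw new RuntimeException('libssh2 ' . ($version ?? '(ssh2 not loaded)') . ' is older than ' . MIN_LIBSSH2);
    }
    // Offer only ssh-ed25519, so the session cannot fall back to ssh-rsa or ssh-dss.
    $session = @ssh2_connect($host, $port, ['hostkey' => 'ssh-ed25519']);
    if ($session === false) {
        throw new RuntimeException('handshake failed; check the sshd log on the server');
    }
    // Verify the negotiated algorithm and the server's key before authenticating.
    $methods = ssh2_methods_negotiated($session);
    $fp = ssh2_fingerprint($session, SSH2_FINGERPRINT_SHA1 | SSH2_FINGERPRINT_HEX);
    if ($methods['hostkey'] !== 'ssh-ed25519' || !hash_equals(strtoupper($pinnedSha1), strtoupper($fp))) {
        ssh2_disconnect($session);
        throw new RuntimeException("host key rejected: {$methods['hostkey']} {$fp}");
    }
    return $session;
}

try {
    $session = connect_ed25519(HOST, PORT, PINNED_SHA1);
    echo "connected, host key verified\n";
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```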