Hi Marco, Did you try to customize the SSH Proxy settings on the Configuration > Security > Cryptography > SSH Proxy page? When you uncheck the "Use Default" option and click on the eye icon to the right of the Server Host Key text box, you will find a list of other choices that you can enable.
Original Message:
Sent: Jan 23, 2023 03:29 AM
From: Marco Trucillo
Subject: PAM Version is 4.1.1.181 and ssh-rsa with RHEL9
Hi to all,
I have PAM Version is 4.1.1.181 and I tried to configure a new target machine with RHEL9
When I try to connect with ssh trough pam ssh proxy the connection close before showing login message. On server side I receive:
no matching host key type found. Their offer: ssh-rsa (preauth)
On PAM SSH Proxy and SSH Mindterm are using default value.
It seems that the protocol offered by PAM does not like the server. By the way I know that ssh-rsa signature scheme has been deprecated since OpenSSH 8.8 which was released in 2021.
As workaround I created a new services withh target port 22 and Application protocol "disabled" to have a "raw tcp tunnel" and in this case it work. But in this way I cannot record sessions and I think that it is a bad non-performant way.
Have any of you had this problem? How did you solve it?
Is there any patch for PAM ? Can I change the encryption options in "SSH PROXY" to add more? (I honestly think that now there are stronger ones available for the openssh version on pam, so I cannot resolve)
Thanks in advance
Marco