• Re: scp and rsync

    From Richard Kettlewell@3:770/3 to SteveN on Thursday, February 22, 2024 17:02:35
    SteveN <nelsonse48@gmail.com> writes:
    Under rpi buster I could rsync and scp files between my rpis and my
    Macs. Using the new bookworm I can no longer scp or rsync with my
    Macs. I moved to bookworm because I just got my rpi5. How can I
    copy files between my Macs and my rpis now? Yeah, there is
    flashdrives and sneakernet but I prefer internet. Error msg 'Unable
    to negotiate with 192.168.1.129 port 22: no matching host key type
    found. Their offer: ssh-rsa,ssh-dss' (this is for scp and rsync on my
    rpi5 to my MacBook). What do I need to configure?

    Most likely generating a new host key on the MacBook, using a less
    broken algorithm, will be sufficient. With that in mind:

    * What SSH version do you have on the MacBook?
    To find out: ssh -V

    * What host keys do you already have?
    To find out: ls -l /etc/ssh

    --
    https://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Pancho@3:770/3 to SteveN on Thursday, February 22, 2024 16:40:50
    On 22/02/2024 15:15, SteveN wrote:
    Under rpi buster I could rsync and scp files between my rpis and my
    Macs.  Using the new bookworm I can no longer scp or rsync with my
    Macs.  I moved to bookworm because I just got my rpi5.  How can I
    copy files between my Macs and my rpis now?  Yeah, there is
    flashdrives and sneakernet but I prefer internet.  Error msg 'Unable
    to negotiate with 192.168.1.129 port 22: no matching host key type
    found.  Their offer: ssh-rsa,ssh-dss'  (this is for scp and rsync on
    my rpi5 to my MacBook). What do I need to configure?
     Thanks.  --Steve

    Have you set up ssh keys on your rpi5?

    <https://raspberrytips.com/generate-ssh-keys-on-raspberry-pi/>

  • From Richard Kettlewell@3:770/3 to Pancho on Thursday, February 22, 2024 17:03:48
    Pancho <Pancho.Jones@proton.me> writes:
    On 22/02/2024 15:15, SteveN wrote:
    Under rpi buster I could rsync and scp files between my rpis and my
    Macs.  Using the new bookworm I can no longer scp or rsync with my
    Macs.  I moved to bookworm because I just got my rpi5.  How can I
    copy files between my Macs and my rpis now?  Yeah, there is
    flashdrives and sneakernet but I prefer internet.  Error msg 'Unable
    to negotiate with 192.168.1.129 port 22: no matching host key type
    found.  Their offer: ssh-rsa,ssh-dss'  (this is for scp and rsync on
    my rpi5 to my MacBook). What do I need to configure?
     Thanks.  --Steve

    Have you set up ssh keys on your rpi5?

    <https://raspberrytips.com/generate-ssh-keys-on-raspberry-pi/>

    Read the error message, this is about host keys on the Mac, not the user
    keys on the Pi.

    --
    https://www.greenend.org.uk/rjk/

  • From Pancho@3:770/3 to Richard Kettlewell on Thursday, February 22, 2024 18:06:00
    On 22/02/2024 17:03, Richard Kettlewell wrote:
    Pancho <Pancho.Jones@proton.me> writes:
    On 22/02/2024 15:15, SteveN wrote:
    Under rpi buster I could rsync and scp files between my rpis and my
    Macs.  Using the new bookworm I can no longer scp or rsync with my
    Macs.  I moved to bookworm because I just got my rpi5.  How can I
    copy files between my Macs and my rpis now?  Yeah, there is
    flashdrives and sneakernet but I prefer internet.  Error msg 'Unable
    to negotiate with 192.168.1.129 port 22: no matching host key type
    found.  Their offer: ssh-rsa,ssh-dss'  (this is for scp and rsync on
    my rpi5 to my MacBook). What do I need to configure?
     Thanks.  --Steve

    Have you set up ssh keys on your rpi5?

    <https://raspberrytips.com/generate-ssh-keys-on-raspberry-pi/>

    Read the error message, this is about host keys on the Mac, not the user
    keys on the Pi.


    The message isn't great.

    I assume you mean it is about SHA-1 being deprecated for use with RSA,
    in OpenSSH 8.2. That SHA-1 is not actually part of the key, only a hash
    used to sign the key. I think you explained this a year or two ago. The
    point being that SHA-1 is an attribute of the SSH software, not the RSA key.

    I did wonder, but assumed a Mac would automatically update its SSH
    software. I'm still not sure if this is what you are getting at. Maybe
    the fact it is still offering ssh-dss is the smoking gun, a sign of old software?

  • From druck@3:770/3 to Pancho on Friday, February 23, 2024 19:04:09
    On 22/02/2024 18:06, Pancho wrote:
    I did wonder, but assumed a Mac would automatically update its SSH
    software. I'm still not sure if this is what you are getting at. Maybe
    the fact it is still offering ssh-dss is the smoking gun, a sign of old software?

    Yes, but you can set up a machine specific exception in
    /etc/ssh/ssh_config to allow the older encryption algorithms if an
    upgrade isn't forthcoming.

    ---druck

  • From Lawrence D'Oliveiro@3:770/3 to Pancho on Friday, February 23, 2024 22:44:40
    On Thu, 22 Feb 2024 18:06:00 +0000, Pancho wrote:

    I did wonder, but assumed a Mac would automatically update its SSH
    software.

    This is Apple, remember. As with Bash and GCC and Python and others,
    they’re probably allergic to the licence in the new version or something.

  • From Richard Kettlewell@3:770/3 to Lawrence D'Oliveiro on Saturday, February 24, 2024 14:25:33
    Lawrence D'Oliveiro <ldo@nz.invalid> writes:
    On Thu, 22 Feb 2024 18:06:00 +0000, Pancho wrote:
    I did wonder, but assumed a Mac would automatically update its SSH
    software.

    Under normal circumstances SSH updates accompany macOS updates.

    This is Apple, remember. As with Bash and GCC and Python and others, they’re probably allergic to the licence in the new version or something.

    Current macOS has OpenSSH 9.4, i.e. August last year. But what matters
    here is what the OP is actually running and they’ve not yet shared that information as far as I can see.

    --
    https://www.greenend.org.uk/rjk/

  • From Doc O'Leary ,@3:770/3 to SteveN on Saturday, February 24, 2024 15:26:54
    For your reference, records indicate that
    SteveN <nelsonse48@gmail.com> wrote:

    Under rpi buster I could rsync and scp files between my rpis and my
    Macs. Using the new bookworm I can no longer scp or rsync with my Macs.

    What do I need to configure?

    I ran into the same problem with the VLC mobile app when trying to connect
    to the buster-upgraded RPi I have managing podcasts for me. Did a bit of searching and settled on this solution:

    pi@media:~ $ cat /etc/ssh/sshd_config.d/vlc.conf
    HostkeyAlgorithms +ssh-rsa,ssh-dss


    --
    "Also . . . I can kill you with my brain."
    River Tam, Trash, Firefly

  • From druck@3:770/3 to All on Monday, February 26, 2024 21:24:53
    On 25/02/2024 18:39, SteveN wrote:
    > I think I found a solution.  As suggested I added the following line to
    > both ssh_config and sshd_config files just after the first Include line
    >
    > HostKeyAlgorithms +ssh-rsa,ssh-dss
    >
    > rsync and scp seem to work both ways now.  (Reboot after editing config
    > files - /etc/ssh/ssh_config and /etc/ssh/sshd_config on the rpi5
    > bookworm .  I'll do it to my rpi4b machine now too.

    I recommend prefixing those lines with a filter for the problematic
    machine, so you can't unwittingly be compromised by weak security on
    other sites.

    e.g.

    Host <hostname>
         HostKeyAlgorithms +ssh-rsa,ssh-dss

    ---druck

  • From Richard Kettlewell@3:770/3 to druck on Monday, February 26, 2024 23:39:20
    druck <news@druck.org.uk> writes:
    On 25/02/2024 18:39, SteveN wrote:
    I think I found a solution.  As suggested I added the following line
    to both ssh_config and sshd_config files just after the first
    Include line
    HostKeyAlgorithms +ssh-rsa,ssh-dss
    rsync and scp seem to work both ways now.  (Reboot after editing
    config files - /etc/ssh/ssh_config and /etc/ssh/sshd_config on the
    rpi5 bookworm .  I'll do it to my rpi4b machine now too.

    I recommend prefixing those lines with a filter for the problematic
    machine, so you can't unwittingly be compromised by weak security on
    other sites.

    e.g.

    Host <hostname>
        HostKeyAlgorithms +ssh-rsa,ssh-dss

    I recommend upgrading the ancient macOS install to something from this
    decade l-)

    --
    https://www.greenend.org.uk/rjk/

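
The difference between the global `HostKeyAlgorithms` line SteveN added and the per-host form druck recommends can be checked mechanically on the client side. The shell function below is an added example, not part of any post in this thread; the function name `audit_hostkey_scope`, the sample files and the host name `oldmac.example` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports where an ssh_config file
# re-enables ssh-rsa / ssh-dss host keys and whether the line is scoped.
# Simplification: Include files are not followed.
audit_hostkey_scope() {
    awk '
        FNR == 1 { global = 1; scope = "top of file" }  # new file: no block yet
        /^[ \t]*(#|$)/ { next }                         # comments and blanks
        { sub(/[ \t]*=[ \t]*/, " "); kw = tolower($1) } # allow Keyword=value
        kw == "host" || kw == "match" {
            # "Host *" and "Match all" still apply to every server
            global = (NF == 2 && ((kw == "host" && $2 == "*") ||
                                  (kw == "match" && tolower($2) == "all")))
            scope = $0; sub(/^[ \t]+/, "", scope)
            next
        }
        # A leading "-" removes algorithms, so only flag lists that add them
        kw == "hostkeyalgorithms" && $2 !~ /^-/ && tolower($2) ~ /ssh-(rsa|dss)/ {
            printf "%s:%d: %s [%s] %s\n", FILENAME, FNR,
                   (global ? "GLOBAL" : "scoped"), scope, $2
            if (global) bad = 1
        }
        END { exit (bad + 0) }   # non-zero when any legacy entry is global
    ' "$@"
}

# Constructed sample: the global line from the thread beside the per-host form.
demo_audit() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'Include /etc/ssh/ssh_config.d/*.conf' \
        'HostKeyAlgorithms +ssh-rsa,ssh-dss' > "$dir/global.conf"
    printf '%s\n' 'Include /etc/ssh/ssh_config.d/*.conf' \
        'Host oldmac.example' \
        '    HostKeyAlgorithms +ssh-rsa,ssh-dss' > "$dir/scoped.conf"
    (cd "$dir" && audit_hostkey_scope global.conf scoped.conf)
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo_audit || echo "legacy host key algorithms are enabled for every server"
```

Run against a real client file it would be called as `audit_hostkey_scope /etc/ssh/ssh_config`; a `GLOBAL` line means the SHA-1 RSA and DSA host key types are accepted from any server, not just the old Mac.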