Skip to Main Content

Feedback

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Troubleshooting Instances Using Instance Console Connections fails to specify setting an SSH client to use rsa-sha2-256

Hank Wojteczko2 days ago

The doc link at https://docs.oracle.com/en-us/iaas/Content/Compute/References/serialconsole.htm#serialconsole_topic_prerequisites fails to specify for Linux/MAC/WSL to use rsa-sha2-256 or rsa-sha2-512. It should.

The default SSH encryption on WSL/OLE8 and certain versions of MAC is RSA+SHA1. This is not supported by the console's SSH server instance when running for either the DB system or for local console connections to VMs. The error returned by the console service in this case is “Permission denied (publickey)”. Other errors when running ssh in full debug mode include: “debug2: match not found” and “debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]”, which indicate that an unsupported version of RSA encryption is being used by the SSH client.

The best option is for the user to create a config file in the user's home directory within the .ssh subdirectory as follows:

Host *
PubkeyAcceptedKeyTypes +ssh-rsa

I recommend you test this and add a warning box to https://docs.oracle.com/en-us/iaas/Content/Compute/References/serialconsole.htm#serialconsole_topic_prerequisites along with instructions as appropriate.

Thanks.

Comments
Post Details
Added 2 days ago
2 comments
25 views