There is a connection problem while connecting from Rocky Linux 9.3 (OpenSSH_8.7p1, OpenSSL 3.0.7) to Oracle Linux Server release 6.10 (OpenSSH_5.3p1, OpenSSL 1.0.1e-fip) via ssh.
ssh -v [email protected]
returns
Unable to negotiate with x.x.x.x port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
I’ve tried to create a .ssh/config file like below:
Host x.x.x.x
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
but this time the error was:
ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: error in libcrypto
How can I solve it?
Perhaps simply re-enabling SHA-1 would be enough?
3.9. Re-enabling SHA-1 Red Hat Enterprise Linux 9 | Red Hat Customer Portal
Does Oracle sell security support for that 6.10?
You need to change the ‘crypto policy’ used by the Rocky 9 system - by default el9 uses the ‘DEFAULT’ policy
To allow it to connect over ssh to an el6 host (or allow an el6 host to ssh to an el9 host), you need to set the policy to ‘LEGACY’ via:
update-crypto-policies --set LEGACY
The crypto policies are pulled in to ssh via /etc/crypto-policies/back-ends/openssh.config (via /etc/ssh/ssh_config.d/50-redhat.conf)
Note: changing the crypto-policy to LEGACY will potentially change the settings for other apps/services, so you might want to come up with your own policy (or overrides) that just changes the crypto settings for ssh/sshd. Don’t change the file /etc/crypto-policies/back-ends/openssh.config directly; i.e. see the update-crypto-policies man page and the docs at:
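As an added example (not posted by anyone in this thread), here is a POSIX shell script that makes the "what else does a policy switch change" question concrete for OpenSSH: it lists the algorithms that one policy's OpenSSH back-end file allows beyond another's, and checks a server's "Their offer:" list against a policy to see whether negotiation would succeed. The DEFAULT/LEGACY lines embedded in it are constructed, shortened stand-ins, not copied from a real system, and the path /usr/share/crypto-policies/<POLICY>/openssh.txt used by the live helper is an assumption based on the crypto-policies package layout.

```shell
#!/bin/sh
# Added example: inspect what a crypto-policy change means for OpenSSH.
# Back-end files use ssh_config syntax: "<Keyword> alg1,alg2,...".

# Constructed, shortened stand-ins for the OpenSSH back-end output of two
# policies (not the real generated files). DEFAULT omits SHA-1 algorithms;
# the LEGACY-like sample adds ssh-rsa and a SHA-1 key exchange.
SAMPLE_DEFAULT='KexAlgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256
HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,rsa-sha2-512
PubkeyAcceptedKeyTypes ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,rsa-sha2-512'
SAMPLE_LEGACY='KexAlgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,rsa-sha2-512,ssh-rsa
PubkeyAcceptedKeyTypes ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,rsa-sha2-512,ssh-rsa'

# algos KEY POLICY_TEXT: print the algorithm list for KEY, one per line.
algos() {
    printf '%s\n' "$2" | sed -n "s/^$1[ =]*//p" | tr ',' '\n' | grep -v '^$'
}

# newly_allowed KEY BEFORE_TEXT AFTER_TEXT: algorithms that AFTER permits for
# KEY but BEFORE does not, i.e. what the switch additionally turns on.
newly_allowed() {
    na_before=$(algos "$1" "$2")
    algos "$1" "$3" | while IFS= read -r alg; do
        printf '%s\n' "$na_before" | grep -qxF -- "$alg" || printf '%s\n' "$alg"
    done
}

# offer_accepted KEY POLICY_TEXT OFFER: the algorithms from a server's
# "Their offer: a,b,c" list that POLICY permits for KEY. An empty result is
# exactly the "no matching host key type found" situation from the question.
offer_accepted() {
    oa_allowed=$(algos "$1" "$2")
    printf '%s\n' "$3" | tr ',' '\n' | while IFS= read -r alg; do
        if printf '%s\n' "$oa_allowed" | grep -qxF -- "$alg"; then
            printf '%s\n' "$alg"
        fi
    done
}

# compare_installed_policies FROM TO: run newly_allowed on the pregenerated
# per-policy files of a Rocky/RHEL 9 box (path assumed from the package layout).
compare_installed_policies() {
    cp_dir=/usr/share/crypto-policies
    [ -r "$cp_dir/$1/openssh.txt" ] && [ -r "$cp_dir/$2/openssh.txt" ] || {
        printf 'no pregenerated files for %s/%s under %s\n' "$1" "$2" "$cp_dir" >&2
        return 1
    }
    for cp_key in KexAlgorithms HostKeyAlgorithms PubkeyAcceptedKeyTypes Ciphers MACs; do
        printf '== %s: allowed by %s but not %s ==\n' "$cp_key" "$2" "$1"
        newly_allowed "$cp_key" "$(cat "$cp_dir/$1/openssh.txt")" "$(cat "$cp_dir/$2/openssh.txt")"
    done
}

# Demonstration on the constructed samples, using the offer from the question.
printf 'Host key types the el6 server offers that DEFAULT accepts: [%s]\n' \
    "$(offer_accepted HostKeyAlgorithms "$SAMPLE_DEFAULT" 'ssh-rsa,ssh-dss' | tr '\n' ' ')"
printf 'Host key types the el6 server offers that LEGACY accepts: [%s]\n' \
    "$(offer_accepted HostKeyAlgorithms "$SAMPLE_LEGACY" 'ssh-rsa,ssh-dss' | tr '\n' ' ')"
printf 'Extra KexAlgorithms a switch to LEGACY enables: [%s]\n' \
    "$(newly_allowed KexAlgorithms "$SAMPLE_DEFAULT" "$SAMPLE_LEGACY" | tr '\n' ' ')"
```

On a real el9 host, `compare_installed_policies DEFAULT LEGACY` (or any pair of policy directories present under the assumed path) shows per keyword exactly which weaker algorithms the switch would add for every ssh client on the machine, which is the information needed to decide between a system-wide policy change and a narrower override.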
update-crypto-policies --set DEFAULT:SHA1
But, as written in the documents, it needs a reboot and this change applies system-wide. I couldn’t guess the whole effect.
I think --set DEFAULT:SHA1 is better for security reasons.