16 Oct 2021

SSH'ing into Unifi

As I’ve posted about before, my home network is powered by Unifi gear. Since setting it up, I haven’t fiddled with it much. Due to warnings in the Unifi forums, I have auto-update disabled. I usually check the forums for issues and update a few days after release, and update manually by SSH’ing into each device. This time I noticed that I couldn’t SSH in. I was getting the below error:

Unable to negotiate with port 22: no matching host key type found. Their offer: ssh-rsa

While troubleshooting I noticed I could SSH to the Unifi device from my Macbook Pro (running Big Sur 11.6), but not my desktop. My Linux desktop runs Arch Linux, and is on a very recent version of OpenSSH (8.8p1-1 as of 2021-10-16). To cut a long story short, it turns out Unifi has an ancient OpenSSH implementation (Dropbear v2018.76) that does not support rsa-sha2 signatures. To override this temporarily, I had to add the following to my .ssh/config file:

HostKeyAlgorithms +ssh-rsa

Note, this is not good for security, so don’t enable this for all SSH connections, just Unifi. Unfortunately, this Unifi update still doesn’t update Dropbear…..I would expect a company that sells networking equipment to make a little more effort.