Symptoms
- Cannot start Plesk migration, with the one of the following errors appearing on the side of the destination Plesk server:
Unable to negotiate with x.x.x.x port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
Cause: Command execution failed on the local server with non-zero exit code.
command: rsync -r --chmod=Fu=r,Du=rwx,go= --timeout=30 -e 'ssh -i /usr/local/psa/var/modules/panel-migrator/sessions/20231003130637/ssh-keys/id_rsa.203.0.113.2-p 22 -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no' /usr/local/psa/admin/plib/modules/panel-migrator/backend/lib/python/parallels/plesk/source/legacy/extras/plesk_12_5_pmm_shared/ [email protected]:/root/plesk_migrator/plesk_migrator-e4j6accugtjghq7yshwate5sy13uty1z/pmm_agent
exit code: 255
stdout:
stderr: [email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). - The destination Plesk server uses a new and still supported OS (for example Ubuntu 20 or above), while the source server uses a very old and unsupported OS (for example, Centos 6 or similar)
Cause
In OpenSSH 8.8 and above of the OpenSSH package, legacy keys ssh-rsa
and ssh-dss
are disabled (intentionally, for security reasons) and that makes the SSH connection to very old operating systems such as Centos 6 or Ubuntu 12 impossible.
Resolution
For such a migration to become possible, you must enable legacy keys support on the side of the destination server (the new server with the new OS) by doing the following:
- Connect to the destination server via SSH
- Open the
/etc/ssh/ssh_config
file with your favorite command-line text editor - Add one of the following sets of lines that enable legacy support at the bottom of the file (depending on which of the two your old Linux server supports):
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsaOR
HostKeyAlgorithms +ssh-dss
PubkeyAcceptedKeyTypes +ssh-dssNote: In some cases with a source server running Ubuntu 12 or Centos 6, you may also have to add the chosen set of lines to the
/root/.ssh/config
file of your destination Plesk server.Warning: For security reasons, it is recommended that you remove the legacy support via these options right after the Plesk migration from the old server has been finalized.
- Save the changes
- Restart the SSH service in order to apply the changes:
# systemctl restart ssh.service
- Restart the Plesk migration