Knowledge Base

Cannot start Plesk migration: Unable to negotiate with x.x.x.x port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

 
backup restore migrationcentosgolinuxlinux server

Symptoms

  • Cannot start Plesk migration, with the one of the following errors appearing on the side of the destination Plesk server:

    Unable to negotiate with x.x.x.x port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

    Cause: Command execution failed on the local server with non-zero exit code.
    command: rsync -r --chmod=Fu=r,Du=rwx,go= --timeout=30 -e 'ssh -i /usr/local/psa/var/modules/panel-migrator/sessions/20231003130637/ssh-keys/id_rsa.203.0.113.2-p 22 -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no' /usr/local/psa/admin/plib/modules/panel-migrator/backend/lib/python/parallels/plesk/source/legacy/extras/plesk_12_5_pmm_shared/ [email protected]:/root/plesk_migrator/plesk_migrator-e4j6accugtjghq7yshwate5sy13uty1z/pmm_agent
    exit code: 255
    stdout:
    stderr: [email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

  • The destination Plesk server uses a new and still supported OS (for example Ubuntu 20 or above), while the source server uses a very old and unsupported OS (for example, Centos 6 or similar)

Cause

In OpenSSH 8.8 and above of the OpenSSH package, legacy keys ssh-rsa and ssh-dss are disabled (intentionally, for security reasons) and that makes the SSH connection to very old operating systems such as Centos 6 or Ubuntu 12 impossible.

Resolution

For such a migration to become possible, you must enable legacy keys support on the side of the destination server (the new server with the new OS) by doing the following:

  1. Connect to the destination server via SSH
  2. Open the /etc/ssh/ssh_config file with your favorite command-line text editor
  3. Add one of the following sets of lines that enable legacy support at the bottom of the file (depending on which of the two your old Linux server supports):

    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa

    OR

    HostKeyAlgorithms +ssh-dss
    PubkeyAcceptedKeyTypes +ssh-dss

    Note: In some cases with a source server running Ubuntu 12 or Centos 6, you may also have to add the chosen set of lines to the /root/.ssh/config file of your destination Plesk server.

    Warning: For security reasons, it is recommended that you remove the legacy support via these options right after the Plesk migration from the old server has been finalized.

  4. Save the changes
  5. Restart the SSH service in order to apply the changes:

    # systemctl restart ssh.service

  6. Restart the Plesk migration

Additional information

OpenSSH: Legacy Options

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

© 2025 WebPros International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of WebPros International GmbH.

Managed with love with Plesk WP Toolkit