With RHLinux 8, OpenSSH has been updated to version 8.0:
root@ol8test:~# ssh -V
OpenSSH_8.0p1, OpenSSL 1.1.1g FIPS 21 Apr 2020
If a Linux 8 system is secured, some weak key exchange algorithms might be disabled or removed. When connecting from such a system to a legacy system, e.g. Linux 6, you will see the following error:
root@ol8test:~# ssh root@ol6test
Unable to negotiate with 10.10.169.20 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
To work around this, we can choose one of the methods listed in the server's offer and supply it to ssh:
ssh -oKexAlgorithms=+diffie-hellman-group-exchange-sha256 root@ol6test
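The same workaround can be scoped to the one legacy host in ~/.ssh/config, so the weaker method is not enabled for any other connection. The script below is an added example, not part of the original post: it parses the "Their offer" line from the error above, picks the strongest offered method and prints a Host block. The preference order and the function names are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Preference order, strongest first. The order of the two middle entries is
# this example's assumption; group1-sha1 (1024-bit group) is deliberately last.
PREFERRED_KEX="diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1"

# Print the server's offered methods, one per line, from an ssh error line.
offered_kex() {
    case "$1" in
        *"Their offer: "*) printf '%s\n' "${1##*Their offer: }" | tr ',' '\n' ;;
        *) return 1 ;;
    esac
}

# Print the most preferred method that the server offered; fail if none match.
pick_kex() {
    offer=$(offered_kex "$1") || return 1
    for kex in $PREFERRED_KEX; do
        if printf '%s\n' "$offer" | grep -qxF -- "$kex"; then
            printf '%s\n' "$kex"
            return 0
        fi
    done
    return 1
}

# Print a Host block that enables the chosen method for one host only.
host_stanza() {
    kex=$(pick_kex "$2") || { echo "no acceptable method in offer for $1" >&2; return 1; }
    printf 'Host %s\n    KexAlgorithms +%s\n' "$1" "$kex"
}

# Constructed input: the error line shown earlier on this page.
SAMPLE='Unable to negotiate with 10.10.169.20 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

host_stanza ol6test "$SAMPLE"
```

Append the printed block to ~/.ssh/config on the Linux 8 client; a plain "ssh root@ol6test" then negotiates with that method for this host only.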
Another possible issue arises when FIPS is enabled; you might see the following error:
root@ol8test:~# ssh root@ol6test
ssh_dispatch_run_fatal: Connection to 10.10.169.20 port 22: invalid argument
Once FIPS is disabled (a reboot is required to do so), you will be able to ssh to the legacy system.
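To disable FIPS on Linux 8, run fips-mode-setup --disable and reboot. The session below shows the --enable form of the same command, which likewise takes effect only after a reboot:
# fips-mode-setup --enable
Setting system policy to FIPS
FIPS mode will be enabled.
Please reboot the system for the setting to take effect.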
To check whether FIPS is enabled or disabled:
root@ol8test:/boot# fips-mode-setup --check
FIPS mode is disabled.
root@ol8test:/boot# cat /proc/sys/crypto/fips_enabled
0
root@ol8test:/boot# sysctl crypto.fips_enabled
crypto.fips_enabled = 0