Symptoms
When attempting to connect to the remote source server using the Transfer Tool, the following error is received:
CPANEL_ERROR: The remote basic credential check failed due to an error (The password that you provided is not correct, or the SSH key is not permitted access: Unable to negotiate with 203.0.113.2 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss)
Cause
This error occurs because the source server offers only SSH host key algorithms (ssh-rsa and ssh-dss) that are no longer enabled by default on modern systems. This typically occurs when the source server runs an older OS, such as CentOS 6.
Resolution
The deprecated algorithms need to be temporarily enabled on the destination server so that it can connect to the source server.
- Log in as the root user via SSH or WHM's Terminal. Create the following file:
# touch /root/.ssh/config
In this file, add the following content:
CONFIG_TEXT: Host *
HostkeyAlgorithms +ssh-dss
PubkeyAcceptedKeyTypes +ssh-dss
Note: The following steps are also required if you are using AlmaLinux/CloudLinux 9 and newer, or Ubuntu 24.04 and newer.
To use the legacy encryption methods, they must also be enabled in the core OpenSSL policy.
# update-crypto-policies --set LEGACY
- Reboot the server to apply the legacy crypto policies.
Warning: Once the transfer is completed, it is highly recommended to revert the crypto policy and remove the /root/.ssh/config file.
To undo the crypto policy change if applicable:
Set the default policy:
# update-crypto-policies --set DEFAULT
- Reboot the server to apply the default crypto policies.
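To confirm the cleanup recommended in the warning above, the following shell functions report any directive in /root/.ssh/config that still enables a legacy key type and whether the crypto policy is still LEGACY. This is an added example, not part of the original article; the function names are hypothetical, and the check goes slightly beyond the config shown above by also flagging ssh-rsa and the newer PubkeyAcceptedAlgorithms keyword.

```shell
#!/bin/sh
# Added example: post-transfer check for leftover legacy SSH settings.

# legacy_ssh_lines FILE
# Lists directives that enable ssh-dss or ssh-rsa, with the Host block they
# sit in. Returns 1 if any are found, 0 if the file is clean or absent.
legacy_ssh_lines() {
    [ -f "$1" ] || return 0
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }
        {
            split(line, f, /[ \t=]+/); kw = tolower(f[1])
            val = line; sub(/^[^ \t=]+[ \t=]+/, "", val)
        }
        kw == "host" { host = val; next }
        kw == "hostkeyalgorithms" || kw == "pubkeyacceptedkeytypes" ||
        kw == "pubkeyacceptedalgorithms" {
            # A leading "-" removes algorithms, so it is not a finding.
            if (val !~ /^-/ && tolower(val) ~ /ssh-(dss|rsa)([, \t]|$)/) {
                printf "line %d [Host %s]: %s\n", NR, (host == "" ? "(global)" : host), line
                found = 1
            }
        }
        END { exit found + 0 }
    ' "$1"
}

# crypto_policy_state: prints the active system crypto policy, or "n/a"
# where update-crypto-policies is not installed.
crypto_policy_state() {
    if command -v update-crypto-policies >/dev/null 2>&1; then
        update-crypto-policies --show
    else
        echo "n/a"
    fi
}

# audit_leftovers [FILE]: returns 1 if either leftover is still present.
audit_leftovers() {
    cfg=${1:-/root/.ssh/config}; status=0
    legacy_ssh_lines "$cfg" || status=1
    policy=$(crypto_policy_state) || policy=unknown
    case $policy in LEGACY*) echo "crypto policy is still $policy"; status=1 ;; esac
    return $status
}
```

Source the file and run `audit_leftovers` as root once the transfer has finished; a zero exit status means neither leftover was found.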