Security

SSH access using Ruby to outdated servers

If for some reason you need to connect over SSH to an outdated server from Ruby code, you are in the right place. But first, a little theory. OpenSSH has 4 configurable settings that govern the security of a connection:

  • KexAlgorithms: per-connection keys (key exchange)
  • HostKeyAlgorithms: public key to identify server to clients
  • Ciphers: connection encryption
  • MACs: message authentication codes

As time passes, various algorithms become deprecated and are known to be vulnerable. However, there are tons of servers on the internet and on private networks which still use them. With a regular SSH client, as well as with the net-ssh Ruby client, you will not be able to connect to such servers; instead you will receive error messages saying that the connection could not be established.

There is a solution for that.

First:

:host_key => "+ssh-dss"

Then:

append_all_supported_algorithms: true

With these two additional options passed to the Net::SSH.start method, you will be able to connect to most of the running servers out there. There is still some chance you will need to adjust them, for example for some old Cisco hardware, but you will cover 99.99%. I hope you find it useful, whether you are trying to administer your old networking rig or just playing around with various things…
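
The following added example (not part of the original post) shows why such connections fail and how to work out the narrowest set of legacy options for one host, instead of appending every supported algorithm. The algorithm lists, constant names and helper names are constructed for illustration; the "modern" list is an assumption, not net-ssh's exact defaults.

```ruby
# Illustrative modern client preferences per category (assumed, not net-ssh's exact defaults).
MODERN_CLIENT = {
  kex:        %w[curve25519-sha256 ecdh-sha2-nistp256 diffie-hellman-group14-sha256],
  host_key:   %w[ssh-ed25519 ecdsa-sha2-nistp256 rsa-sha2-256],
  encryption: %w[aes256-ctr aes128-ctr],
  hmac:       %w[hmac-sha2-256 hmac-sha2-512]
}.freeze

# Constructed algorithm offer of an old device, as it would advertise during key exchange.
LEGACY_SERVER = {
  kex:        %w[diffie-hellman-group1-sha1],
  host_key:   %w[ssh-dss],
  encryption: %w[aes128-ctr aes128-cbc 3des-cbc],
  hmac:       %w[hmac-sha1 hmac-md5]
}.freeze

# Legacy algorithms we are willing to fall back to, most preferred first.
LEGACY_FALLBACK = {
  kex:        %w[diffie-hellman-group14-sha1 diffie-hellman-group1-sha1],
  host_key:   %w[ssh-rsa ssh-dss],
  encryption: %w[aes128-cbc 3des-cbc],
  hmac:       %w[hmac-sha1]
}.freeze

# SSH picks the first algorithm on the client's list that the server also offers.
def negotiate(client_list, server_list)
  client_list.find { |alg| server_list.include?(alg) }
end

# Builds Net::SSH.start options that append one legacy algorithm, and only in
# the categories where the modern list has no overlap with the server's offer.
def minimal_legacy_options(server, client = MODERN_CLIENT, fallback = LEGACY_FALLBACK)
  client.each_with_object({}) do |(category, prefs), opts|
    next if negotiate(prefs, server.fetch(category))

    legacy = negotiate(fallback.fetch(category), server.fetch(category))
    raise ArgumentError, "no acceptable #{category} algorithm" unless legacy

    opts[category] = "+#{legacy}"
  end
end

# Usage (requires the net-ssh gem and a reachable host):
#   Net::SSH.start(host, user, **minimal_legacy_options(LEGACY_SERVER))
```

For the constructed device above, the ciphers already overlap, so only the key exchange, host key and MAC categories get a legacy algorithm appended.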