Failed to connect to the host via ssh - no matching host key type found. Their offer: ssh-rsa,ssh-dss

[marek1712]

Please confirm the following

• I agree to follow this project's code of conduct.
• I have checked the current issues for duplicates.
• I understand that AWX is open source software provided for free and that I might not receive a timely response.
• I am NOT reporting a (potential) security vulnerability. (These should be emailed to security@ansible.com instead.)

Bug Summary

Unable to connect to old devices using SSHv1.

AWX version

24.6.1

Select the relevant components

• UI
• UI (tech preview)
• API
• Docs
• Collection
• CLI
• Other

Installation method

kubernetes

Modifications

no

Ansible version

2.15.6

Operating system

Rocky Linux 9.6

Web browser

Chrome

Steps to reproduce

1. SSH into Linux machine with old kernel, i.e. 2.6.32-573.22.1.el6.AV1.x86_64
2. You'll get an error:
   Failed to connect to the host via ssh: Unable to negotiate with AVAYA_EMS_SERVER port 222: no matching host key type found. Their offer: ssh-rsa,ssh-dss
3. Trying to define ansible_ssh_common_args: '-o PubkeyAcceptedKeyTypes=+ssh-dss,ssh-rsa -o HostKeyAlgorithms=+ssh-rsa' in the play results in the error: Data could not be sent to remote host \"AVAYA_EMS_SERVER\". Make sure this host can be reached over ssh: ssh_dispatch_run_fatal: Connection to IP_ADDRESS port 222: error in libcrypto\r\n".
4. I'm not sure if it's related but VM displays Pre-authentication banner.

Expected results

Ansible connects via SSH.

Actual results

Error: no matching host key type found. Their offer: ssh-rsa,ssh-dss.
Specifying ansible_ssh_common_args results in error in libcrypto.

Additional information

Affected code:

  - name: Backup block for EMS - SSH
    when: ssh222_enabled is succeeded
    vars:
      ansible_port: 222
      snapshot_dir: /usr/local/ipcs/snapshots/
      ansible_user: "{{ avaya_sbcems_login }}"
      ansible_password: "{{ avaya_sbcems_password }}"
      ansible_ssh_common_args: '-o PubkeyAcceptedKeyTypes=+ssh-dss,ssh-rsa -o HostKeyAlgorithms=+ssh-rsa'
    block:
    - name: Find the most recent ZIP snapshot file
      delegate_to: localhost
      shell: |
        ls -t {{ snapshot_dir }}*.zip | head -n 1
      register: latest_snapshot
      changed_when: false

Job log in the attachment. This is a follow up to #15840.

job_59424.txt

[oraNod]

Hey @marek1712 Thanks for opening the issue. From reading through, maybe there is an issue in your setup? Perhaps it could be a missing key in known_hosts or other place.

Could you try disabling host key checking by adding this to your inventory to see if you can establish a connection without SSH?

ansible_ssh_common_args='-o StrictHostKeyChecking=no'