scottklement.com

Hello, we are trying to get SFTP working on an IBM i, and when it runs the script we are getting this message,
Bad protocol 2 host key algorithms '+ssh-dss'.
Connection closed.
This is the first part of the SFTP script file:
************Beginning of data**************
#!/usr/local/bin/expect -f
set timeout 60
spawn sftp -oHostKeyAlgorithms=+ssh-dss $env(SSH_USER)@$env(SSH_HOST)
expect {
default {exit 2}
"continue connecting (yes/no" {send "yes\n"; exp_continue}
"assword:" {send "$env(SSH_PASS)\n"; exp_continue}
"sftp>"

Any ideas on how to resolve this error? Thank you!

My guess is that version of OpenSSH (the sftp program is part of the OpenSSH package) that you're running does not support that host key algorithm.

You make it sound like the problem is somehow related to Expect, and I don't understand how that could be. If you run the commands yourself at the command line, you don't get the same error?

Why are you specifying this host key algorithm?

Scott Klement wrote: ↑Tue Oct 03, 2023 8:32 pm My guess is that version of OpenSSH (the sftp program is part of the OpenSSH package) that you're running does not support that host key algorithm.

You make it sound like the problem is somehow related to Expect, and I don't understand how that could be. If you run the commands yourself at the command line, you don't get the same error?

Why are you specifying this host key algorithm?

I specified the host key because the person that initially created the script had it in there, and it worked on two other systems without a problem. We tried it without "-oHostKeyAlgorithms=+ssh-dss" and the SFTP worked like a charm. Thank you for your help!

I don't have a problem with a host key?

Your issue is that telling it to use a particular algorithm for host keys that isn't available in the version of OpenSSH you're using. I was asking why.

You say "it worked on two other systems!" -- were they the same version of OpenSSH? I'm going to guess they were newer versions.