An NE40E and an H3C SR6608 can be directly connected. The SR6608 fails to function as an SSH client to log in to the NE40E. An RSA public key is configured on the SR6608, and the NE40E is also configured with RSA.
The obtained packet header information shows that the type of the public key sent by the NE40E is ssh-dss or ssh-rsa during private key negotiation. The following figure shows the negotiation. The SR6608 also supports RSA and DSA for packet sending. For the NE40E, DSA is preferred to RSA. Therefore, the DSA public key is used for negotiation between the two ends. However, DSA is not configured on the SR6608 and therefore the authentication fails when RSA is configured.
1. Configure a DS public key on the SR6608.2. Run the <SR6608>ssh2 188.8.131.52 identity-key rsa command on the SR6608 to perform login.
The device that functions as a client does not need to determine whether a public key exists on the local when sending the supported public key algorithm. Only the device that functions as a server needs such determination. Therefore, packets are sent to the SSH server even if the client is not configured with DSA. The client supports both DSA and RSA. If the server has different priorities on DSA and RSA, the server uses DSA for authentication because DSA is preferred to RSA.
The public key authentication algorithm has a low priority. The public key needs to be specified during device login. You can run the ssh2 184.108.40.206 identity-key rsa command or specify the public key algorithm as RSA on the server if permitted.