The server logs this
2021-12-07 21:57:29.889029102 Server listening on 0.0.0.0 port 2222.
2021-12-07 21:57:29.889033114 Server listening on :: port 2222.
2021-12-07 21:57:30.635958078 Connection from 172.17.0.1 port 56406 on 172.17.0.3 port 2222 rdomain ""
2021-12-07 21:57:30.636572922 kex_exchange_identification: Connection closed by remote host
2021-12-07 21:57:30.637124145 Connection closed by 172.17.0.1 port 56406
2021-12-07 21:57:30.653516584 Connection from 172.17.0.1 port 56408 on 172.17.0.3 port 2222 rdomain ""
2021-12-07 21:57:30.656432406 Unable to negotiate with 172.17.0.1 port 56408: no matching host key type found. Their offer: ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 [preauth]
This shows the client offers ecdsa-sha2-nistp384
The server configuration is as follows
> cat /etc/ssh/sshd_config | grep -v "#" | grep -v -e '^$'
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PidFile /config/sshd.pid
Subsystem sftp /usr/lib/ssh/sftp-server -u 022
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
HostKeyAlgorithms ecdsa-sha2-nistp384
KexAlgorithms diffie-hellman-group-exchange-sha1
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1
LogLevel VERBOSE
This shows that HostKeyAlgorithms ecdsa-sha2-nistp384 is enabled on the server. Why can't they perform the handshake?
