====== Issues ======

<code>userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]</code>

''ssh-rsa'' is disabled due to security reason: [[https://www.openssh.org/txt/release-8.2|release-8.2]]

Needs to use ''rsa-sha2-256'' or ''rsa-sha2-512'':
<code bash>
ssh-keygen -t rsa-sha2-512 -b 2048
</code>


===== debug1: expecting SSH2_MSG_KEX_ECDH_REPLY =====

SSH hangs on ''debug1: expecting SSH2_MSG_KEX_ECDH_REPLY'' when using VPN (OpenVPN, MT Ipsec, ... doesn't matter).

Not catched root issue yet. Internet says it is related to packet size. So some workaround sometimes works:
  - reducing MTU in interface
  - limiting Kex list (reduce packet size during exchange)
  - specifing cipher for connection


<code bash>ip li set mtu 1400 dev wlan0</code>

<code bash>ssh -c aes256-gcm@openssh.com host</code>

<code bash>
ssh -o KexAlgorithms=ecdh-sha2-nistp521 username@systemname
</code>

<file config ~/.ssh/config>
KexAlgorithms ecdh-sha2-nistp521
</file>

Source:
  * [[https://serverfault.com/questions/210408/cannot-ssh-debug1-expecting-ssh2-msg-kex-dh-gex-reply|Cannot SSH: debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY [closed]
]]
  * [[https://askubuntu.com/questions/1229456/ssh-fails-with-connection-timed-out-in-vpn-and-hangs-here-expecting-ssh2-msg|SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS]]

===== X11 forwarding request failed on channel 0 =====

<file config /etc/ssh/sshd_config>
X11Forwarding yes
X11UseLocalhost no
</file>