Issues

userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

ssh-rsa is disabled due to security reason: release-8.2

Needs to use rsa-sha2-256 or rsa-sha2-512:

ssh-keygen -t rsa-sha2-512 -b 2048

SSH hangs on debug1: expecting SSH2_MSG_KEX_ECDH_REPLY when using VPN (OpenVPN, MT Ipsec, … doesn't matter).

Not catched root issue yet. Internet says it is related to packet size. So some workaround sometimes works:

1. reducing MTU in interface
2. limiting Kex list (reduce packet size during exchange)
3. specifing cipher for connection

ip li set mtu 1400 dev wlan0

ssh -c aes256-gcm@openssh.com host

ssh -o KexAlgorithms=ecdh-sha2-nistp521 username@systemname

~/.ssh/config

KexAlgorithms ecdh-sha2-nistp521

Source:

• Cannot SSH: debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY [closed]
• SSH fails with connection timed out - in VPN and hangs here "expecting SSH2_MSG_KEX_ECDH_REPLY" + Ubuntu 16.04.6 LTS

/etc/ssh/sshd_config

X11Forwarding yes
X11UseLocalhost no