Can you pass SSH options to connect to older systems?

nothanks · May 7, 2026, 4:59am

We have a couple CentOS 6 systems (which makes me sad) that require you to pass ‘-oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa’ options to the client in order to connect to their ancient, and vulnerable, SSH server.

Is there a way to somehow pass those options along when trying to connect to those endpoints? I’m running OpenVAS in docker containers and Claude said to create an entry in the /root/.ssh/config of the greenbone-community-edition-ospd-openvas-1 container.

I did that:

# docker exec -it greenbone-community-edition-ospd-openvas-1 bash
root@ospd-openvas:/ospd-openvas# cat /root/.ssh/config
Host 192.168.1.156
AddKeysToAgent yes
ConnectTimeout 5
ServerAliveInterval 30
StrictHostKeyChecking no
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa

But it’s not able to create a successful connection.

Is it possible to do this and if so, how?

Thanks!

Eero · May 7, 2026, 9:47am

@nothanks openvas does not use system ssh client. try copilot for better answers..

Eero

Eero · May 7, 2026, 10:17am

@nothanks you probably need to downgrade/configure libssh parameters (”not sure, need to test it on lab”)

Eero

nothanks · May 8, 2026, 4:17am

Thank you very much for your reply! I’ll just have to exclude these older hosts. But thank you again – I really appreciate your help!

Eero · May 8, 2026, 5:42am

@nothanks

It would be advisable to phase out old, unsupported hosts, as they are a nightmare from an information security perspective. They suffer from serious security vulnerabilities, including Copy‑Fail and the recently published Dirty‑Flag issue.

Eero