I'm in the middle of migrating some servers from RHEL6 to RHEL9, but I've hit a snag. It seems like RHEL9 doesn't accept SHA-1 by default anymore, and RSA keys of any length are also rejected. I've been experimenting with different key types, but nothing seems to work due to the significant differences in the OpenSSH versions. My goal is to avoid using a jump box or lowering security with legacy options in RHEL9. I really need some help finding a viable method to connect. By the way, I'm also trying to transfer a 2 TB database from the RHEL6 machine to the RHEL9 one. Any suggestions?
6 Answers
You could try modifying the RHEL9 settings temporarily to accept deprecated keys for the migration process. Just remember to roll back those changes once you're done. It's a bit of a workaround but might help you get through the transition smoothly.
What if you upgrade RHEL6 to RHEL7 first? Sometimes, upgrading incrementally can help avoid compatibility issues like SSH connection problems. Then you could head straight to RHEL9 from RHEL7. You might get better results that way!
Have you considered compiling the OpenSSH version on RHEL6 to match what's on RHEL9? It could solve the compatibility issue. Check out this link for guidance: https://stackoverflow.com/questions/38878758/how-to-upgrade-openssh-on-centos. Just make sure to clarify what your needs are since I didn't quite catch that initially.
If you're mainly copying files, have you thought about setting up a temporary NFS server? It could be useful depending on your network setup, although I know it's not always a straightforward option.
I spent a lot of time figuring this out for my older setups. In the end, you might need to add just a couple of lines to your SSH configuration. I’ll update with those details soon!
Are you looking to use rsync or sftp for transferring files? If that's the case, it might be better to consider rebuilding your server directly on RHEL9 and then just migrating the data. If that doesn't work, I'm not sure what other options there are. SSH connectivity shouldn't be a major blocker, but it sounds like it is for you.
Unfortunately, I can't get rsync or scp to work, which is really frustrating!