Over the last several releases, Fedora has removed support for old, broken crypto algorithms. Unfortunately, this makes it harder to deal with old devices or servers that can't easily be upgraded. For example, I have a switch that I can't connect to with the ssh on Fedora.
I can connect to it fine with the ssh on CentOS 7 though... podman/docker to the rescue!
#!/bin/bash
get_container_runtime() {
if [ -n "$CONTAINER_RUNTIME" ] ; then
container_runtime=$CONTAINER_RUNTIME
return
fi
podman=$( type -p podman )
if [ -n "$podman" ] ; then
container_runtime=$podman
return
fi
docker=$( type -p docker )
if [ -n "$docker" ] ; then
container_runtime=$docker
return
fi
echo 'No container runtime found.' >&2
exit 1
}
get_container_runtime
set -e
container=${CONTAINER:-"centos:7"}
ssh_cmd=$( mktemp /tmp/ssh.XXXXXX )
chmod 700 "$ssh_cmd"
trap "rm -fv $ssh_cmd" EXIT
cat > "$ssh_cmd" <<END
#!/bin/sh
set -e
yum -y install /usr/bin/ssh
ssh $@
END
run_args=(
-it
--rm
-v "$HOME/.ssh:/root/.ssh"
-v "$ssh_cmd:$ssh_cmd"
)
if [ -n "$SSH_AUTH_SOCK" ] ; then
run_args+=(
-e=SSH_AUTH_SOCK
-v "$SSH_AUTH_SOCK:$SSH_AUTH_SOCK"
)
fi
$container_runtime run ${run_args[@]} \
"$container" \
"$ssh_cmd"
The script accepts all of the arguments that the container's ssh accepts (because it blindly passes them along). It automatically maps your .ssh directory and your ssh-agent socket. YMMV, but I've tested it on Fedora with podman and a Mac with docker.