Backup to SFTP: software controller uses deprecated key algorithms
I am trying to connect the Omada Software Controller (version 5.15.24.19) to my new SFTP server (for backups), but I get these errors in the logs of the SFTP server:
ssh: no common algorithm for host key; client offered: [ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521], server offered: [ssh-ed25519 rsa-sha2-256 rsa-sha2-512]"}
On client side it says (in Dutch): "Kan geen verbinding maken met de bestandsserver. De bestandsserver bestaat mogelijk niet of is tijdelijk niet beschikbaar. Controleer de gegevens en uw netwerkverbinding en probeer het opnieuw." (English: "Unable to connect to the file server. The file server may not exist or is temporarily unavailable. Please check the information and your network connection, then try again.")
The root cause is that the Omada Software Controller uses an outdated SSH client library, which only offers legacy algorithms (ssh-rsa, dss, ecdsa). Modern SSH servers disable these for security reasons and only allow stronger host key algorithms (ed25519, rsa-sha2-*).
Because there’s no overlap, the connection fails. This is not something the end user can fix properly – TP-Link needs to update the SSH implementation in the Omada Controller to support current algorithms.
Legacy SSH algorithms in Omada are officially deprecated:
- DSA (ssh-dss)
  - Removed in OpenSSH 7.0 (2015)
  - Limited to 1024-bit keys → insecure
- RSA with SHA-1 (ssh-rsa)
  - Disabled by default in OpenSSH 8.8 (2021)
  - Relies on SHA-1, which is cryptographically broken
- ECDSA (ecdsa-sha2-nistp256/384/521)
  - Still allowed but considered less robust than modern alternatives
  - Ed25519 is strongly recommended instead
👉 Modern SSH servers only allow Ed25519 or RSA-SHA2 (rsa-sha2-256 / rsa-sha2-512).
👉 Omada Controller still only offers legacy algorithms, so it cannot connect to a properly secured server.
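An added example, not part of the original post: a small Python parser for the server log line quoted above that applies the SSH selection rule (the first name on the client's list that the server also lists) and reports which offered names are on the post's deprecated list. The function names and the `LEGACY` set are choices made for this example, and the extra server entry in the usage note is a constructed value.

```python
import re

# Log line exactly as quoted in the post (including the trailing JSON residue).
LOG_LINE = ('ssh: no common algorithm for host key; client offered: '
            '[ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 '
            'ecdsa-sha2-nistp521], '
            'server offered: [ssh-ed25519 rsa-sha2-256 rsa-sha2-512]"}')

PATTERN = re.compile(
    r"no common algorithm for (?P<what>[^;]+); "
    r"client offered: \[(?P<client>[^\]]*)\], "
    r"server offered: \[(?P<server>[^\]]*)\]"
)

# Names the post lists as removed or disabled by default (DSA, RSA with SHA-1).
LEGACY = {"ssh-dss", "ssh-rsa"}


def parse_offer(line):
    """Return (algorithm class, client list, server list) from one log line."""
    m = PATTERN.search(line)
    if m is None:
        raise ValueError("not a 'no common algorithm' log line")
    return m["what"], m["client"].split(), m["server"].split()


def negotiate(client, server):
    """Pick the first client-listed name the server also lists (RFC 4253, 7.1).

    Simplification: the RFC's extra condition that the host key type must fit
    the chosen key exchange method is not modelled here.
    """
    server_set = set(server)
    return next((name for name in client if name in server_set), None)


def summarize(line):
    """Summarize one failed negotiation for a troubleshooting report."""
    what, client, server = parse_offer(line)
    return {
        "class": what,
        "selected": negotiate(client, server),
        "client_legacy": [n for n in client if n in LEGACY],
        "client_not_on_server": [n for n in client if n not in server],
    }


if __name__ == "__main__":
    print(summarize(LOG_LINE))
```

Calling `negotiate` with a different server list shows how the outcome depends on the overlap; for instance, a constructed server list that also contains `ecdsa-sha2-nistp256` would select that name for this client.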