Menu
Environment:
OS: Windows-10
Git Bash Version: 2.33.1
OpenSSH_8.8p1, OpenSSL 1.1.1l 24 Aug 2021
$ which ssh
/usr/bin/ssh
SSH connection to Gerrit Error:-
$ ssh -p 29418 [email protected]
Unable to negotiate with gerrit.example.com port 29418: no matching host key type found. Their offer: ssh-rsa,ssh-dss
In Git-2.32.0 ssh connection to gerrit works. Is there any restriction enabled in latest git version?
360
Connect to GitHub using SSH Launch Terminal / Git Bash. Press Enter when prompted “Enter a file in which to save the key”. Type a passphrase of your choice.
In terminal enter this command with your ssh file name pbcopy < ~/. ssh/id_rsa. pub This will copy the file to your clipboard Now open you github account Go to Settings > SSH and GPG keys > New SSH key Enter title and paste the key from clipboard and save it. Voila you're done.
Git For Windows 2.33.1 comes with OpenSSH 8.8 which disables RSA signatures using the SHA-1 hash algorithm by default.
For most users, this change should be invisible and there is no need to replace ssh-rsa keys.
OpenSSH has supported RFC8332 RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys will automatically use the stronger algorithm where possible.Incompatibility is more likely when connecting to older SSH implementations that have not been upgraded or have not closely tracked improvements in the SSH protocol.
For these cases, it may be necessary to selectively re-enable RSA/SHA1 to allow connection and/or user authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms options.
For example, the following stanza in ~/.ssh/config will enable RSA/SHA1 for host and user authentication for a single destination host:Host old-host HostkeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa
Note: Git for Windows 2.34.0 does not bring any new element/evolution on the SSH front.
Stefan Prodan (DX @weaveworks, creator of http://flagger.app and maintainer of http://fluxcd.io) mentions in this tweet:
GitHub has changed its host keys 💥
If you're using @fluxcd please see here how to update the known hosts keys on your Kubernetes clusters.
Stefan refers to fluxcd/flux2 discussion 2097:
GitHub has changed its SSH host keys from RSA to ECDSA!
To fix the key mismatch error, you have two options:
- Update the
known_hostsin the flux-system secret with the ecdsa-sha2-nistp25 value:
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
- Or rotate the SSH keys with flux boostrap like so:
- delete the deploy key secret from your cluster
kubectl -n flux-system delete secret flux-system- rerun
flux bootstrap githubwith the same arguments as beforeFlux will generate the secret with ecdsa-sha2 SSH key and Host key
More details on
fluxcd/source-controller#490
Note: since Jan. 2022, the GitHub SSH Host key are available through a metadata endpoint api.github.com/meta.
That includes the github.com ecdsa-sha2-nistp256 value.
187
Facing the same problem. The solution is to add the following to ~/.ssh/config
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
Cannot have Host as in the accepted answer. Must be exactly as above. I guess each server may be configured in different ways and individual may have to experiment.
30
This thread was recommended to me as I was facing the same issue but was not using gerrit.
I tried using the answered solution but it didn't work for me.
So for anyone in the same situation, adding just the below line in ~/.ssh/config did resolve the issue for me.
HostkeyAlgorithms +ssh-rsa
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
