gitblit icon indicating copy to clipboard operation
gitblit copied to clipboard

Published 20 hours ago verified publisher icon gitblit-org

SSH : no matching host key type found. Their offer: ssh-rsa,ssh-dss

Open cshsoft opened this issue 3 years ago • 11 comments

Use ssh-keygen -t RSA to generate a key pair and add the public key to the account. No matching host key type found. Their offer: ssh-rsa, ssh-dSS

cshsoft avatar Oct 25 '21 02:10 cshsoft

You are probably using the latest version of OpenSSH, e.g. 8.8. OpenSSH has removed ssh-rsa from its defaults.

As a workaround you can enable it in your SSH client. For example on the command line, add -oHostKeyAlgorithms=+ssh-rsa to the SSH command: ssh -oHostKeyAlgorithms=+ssh-rsa [email protected].

This is not practical for Git usage, so you can change it in your config. Add a section for your Git server to your ~/.ssh/config file like so:

Host gitblit.example.com
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

See also Atlassian's article for a longer explanation. This workaround is necessary until Gitblit updates the server side host key generation.

flaix avatar Oct 25 '21 17:10 flaix

I've tried that, but I still failed

cshsoft avatar Oct 27 '21 05:10 cshsoft

Which SSH are you using and on what OS version?

flaix avatar Oct 27 '21 07:10 flaix

libssh2-1.10.0

cshsoft avatar Oct 27 '21 09:10 cshsoft

The operating system is Window 10

cshsoft avatar Oct 27 '21 09:10 cshsoft

Now I am confused. That library explicitly lists only ssh-rsa and ssh-dss as the supported hostkey types. Also there is nothing to the contrary in the changelog. Is this a private project or some public git client I could use for testing?

flaix avatar Oct 27 '21 10:10 flaix

Private project, server for Gitblit, running fine on my desktop but reporting an error on my laptop,and found new error:

Failed to retrieve list of ssh authentication methods: Failed getting response

cshsoft avatar Oct 28 '21 06:10 cshsoft

In that case I am not sure how to best help you now. At some point Gitblit will have to update the Host key types, for OpenSSH 8.8. But your case seems different, since your library states that it still supports ssh-rsa.

As you use the library in your code you ought to be able to change the configuration for your program and to debug the communication.

flaix avatar Oct 29 '21 00:10 flaix

try this in .ssh/config: Host mygitblit.server.com PubKeyAcceptedKeyTypes +ssh-rsa

andrm avatar Nov 04 '21 10:11 andrm

You can adding the lines below into the Host xxx.xxx.xxx.xxx(server ip) section of your SSH configuration:

Windows systems, this file is located at %USERPROFILE%.ssh\config or $(git_install folder)\etc\ssh\ssh_config.

Host xxx.xxx.xxx.xxx (gitblit server ip) HostkeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa

good luck

Huihh avatar Dec 16 '21 02:12 Huihh

I used @flaix suggestion "ssh -oHostKeyAlgorithms=+ssh-rsa [email protected]." and it worked fine. But found that I had to always had to specify the HostKeyAlgorithms when ssh to the host. Will try @andrm method and will update this comment

shreeramjoshi2000 avatar Aug 02 '22 03:08 shreeramjoshi2000

While the original seems like a error on the client side, this was still an issue for people using OpenSSH 8.8. This has been fixed by supporting additional host key types in PR #1429

flaix avatar Oct 26 '22 15:10 flaix

@flaix Will this show up in the nightly? I looked at docker hub and it seems the nightly has not been updated for 7 months?

jcasale avatar Oct 26 '22 17:10 jcasale

Yes, it should. The last nightly run failed to deploy to Docker Hub. I hope this one works, otherwise I have to make it work again.

flaix avatar Oct 26 '22 17:10 flaix

@jcasale The last nightly successfully deployed to Docker Hub.

flaix avatar Oct 27 '22 09:10 flaix