原文 Solution to openssh-8.8-p1 update: no matching host key type found. Their offer: ssh-rsa
解决办法
如果最近升级到了 openssh 8.8-p1 版, 你会发现连接某些之前连接得好好的服务器突然无法连接:
Unable to negotiate with x.x.x.x port 2222: no matching host key type found. Their offer: ssh-rsa
或者仓库无法clone:
> git clone git@github.com:user/repository.git
Cloning into 'xxxx'...
Unable to negotiate with x.x.x.x port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
解决办法是ssh命令指定算法:
ssh -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa user@host -p 2222
上面比较麻烦, 可以修改ssh配置文件 ~/.ssh/config, 对于无法成功连接的host, 增加配置项:
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
完整配置如下:
Host ssh.alanwei.com
HostName ssh.alanwei.com
User alan
Port 22
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
完整配置里的 HostName, User, Port 可以省略
或者对所有Host指定:
Host *
ServerAliveInterval 10
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
为什么会有这个错误
根据 OpenSSH Release Notes:
Future deprecation notice It is now possible[1] to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K.
In the SSH protocol, the “ssh-rsa” signature scheme uses the SHA-1 hash algorithm in conjunction with the RSA public key algorithm. OpenSSH will disable this signature scheme by default in the near future.
Note that the deactivation of “ssh-rsa” signatures does not necessarily require cessation of use for RSA keys. In the SSH protocol, keys may be capable of signing using multiple algorithms. In particular, “ssh-rsa” keys are capable of signing using “rsa-sha2-256” (RSA/SHA256), “rsa-sha2-512” (RSA/SHA512) and “ssh-rsa” (RSA/SHA1). Only the last of these is being turned off by default.
也就是说 8.8p1 版的 openssh 的 ssh 客户端默认禁用了 ssh-rsa 算法, 但是对方服务器只支持 ssh-rsa, 当你不能自己升级远程服务器的 openssh 版本或修改配置让它使用更安全的算法时, 在本地 ssh 针对这些旧的ssh server重新启用 ssh-rsa 也是一种权宜之法.