SSH – No Matching Host Key Type Found: How to Fix

rsasshssh-keys

I have two servers,

S1: My machine, Windows 8, OpenSSH 8.8p1, OpenSSL 1.1.11 2021-08-24,
S2: A Remote Server, Linux, Open SSH 5.3p1, OpenSSL 1.0.1e-fips 2013-02-11.

The message I have trying to investigate how to solve is

Unable to negotiate with xxx.xxx.xxx.xxx port xxxxx: no matching host key found, Their offer ssh-rsa,ssh-dss

Both S1 and S2 ssh users keys are RSA-2048 (~372 chars),
Both S1 and S2 etc/config files have all their options commented by default,
Both S1 and S2 ssh users have their config and authorized_keys files identical, including both public keys and aliases,
S2 is a Remote, Embedded Linux, not under my control, and which I cannot update. SSH cannot be updated, and is restricted to specific IPs.

Question is, should I change all keys to, i.e. ECDSA-256 for this to be solved?
Is there another configuration not mentioned here I am missing?

When I add the option HostkeyAlgorithms +ssh-rsa, suggested almost everywhere, SSH ask for password instead of checking the keys.

Best Answer

(expanding slightly)

You've actually fixed the problem in your title; with HostkeyAlgorithms +ssh-rsa it prompts for password, which means it accepted the hostkey. (You could even have told 8.8 to accept ssh-dss -- it's still implemented, although the OpenSSH developers recommend pretty strongly against it.)

The actual problem in your body is now user authentication, because OpenSSH 8.8 by default only uses for an RSA key the newer, stronger rsa-sha2-* algorithms, and 5.3 was about 8 years before those were defined. Add PubkeyAcceptedAlgorithms +ssh-rsa to get 8.8 to use the old, weak algorithm 5.3 can handle.

And if possible make snide remarks to whoever is responsible for that ancient system you're connecting to :-)

For Git Bash

If you are running msysgit (I am assuming you are) and are looking to run Git Bash (I recommend it over TortoiseGit, but I lean to the CLI more than GUI now), you need to figure out what your home directory is for Git Bash by starting it then type pwd (On Windows 7, it will be something like C:\Users\phsr I think). While you're in Git Bash, you should mkdir .ssh.

After you have the home directory, and a .ssh folder under that, you want to open PuTTYgen and open the key (.ppk file) you have previously created. Once your key is open, you want to select Conversions -> Export OpenSSH key and save it to HOME\.ssh\id_rsa. After you have the key at that location, Git Bash will recognize the key and use it.

Note: Comments indicate that this doesn't work in all cases. You may need to copy the OpenSSH key to Program Files\Git\.ssh\id_rsa (or Program Files (x86)\Git\.ssh\id_rsa).

For TortoiseGit

When using TortoiseGit, you need to set the SSH key via pacey's directions. You need to do that for every repository you are using TortoiseGit with.

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Best Answer

Related Solutions

Git for Windows – How to Tell Git Where to Find Private RSA Key

For Git Bash

For TortoiseGit

Ssh – How to automate SSH login with password

Related Topic