Fix for ssh authentication failure

Post author: haven200
Post link: <a href="https://www.shixuen.com/linux/services_ssh.html" title="Fix for ssh authentication failure">https://www.shixuen.com/linux/services_ssh.html
Copyright Notice: All articles in this blog are licensed under <span class="exturl" data-url="aHR0cHM6Ly9jcmVhdGl2ZWNvbW1vbnMub3JnL2xpY2Vuc2VzL2J5LW5jLXNhLzQuMC9kZWVkLnpo"> BY-NC-SA unless stating additionally.

Posted on 2022-04-14 Edited on 2023-05-24 In linux Symbols count in article: 895 Reading time ≈ 1 mins.

tree by Bessi
Fix for ssh authentication failure “no matching host key type found. Their offer: ssh-rsa”

This morning, when i attempting to ssh to server, authentication failed with:
no matching host key type found. Their offer: ssh-rsa

The use of RSA signatures using the SHA1 algorithm were deprecated. In 8.8 (released on 2021-09-26), they were disabled by default (openssh):

OpenSSH 8.8 was released on 2021-09-26. It is available from the
mirrors listed at https://www.openssh.com/.

...
...

Potentially-incompatible changes
================================

This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]

As detailed in the openssh release notes, one workaround is to re-enable the broken signing algorithm:

Host haven200
HostName haven200.com
HostKeyAlgorithms=+ssh-rsa
PubkeyAcceptedKeyTypes=+ssh-rsa
...

References:
openssh