
Fix for ssh authentication failure

Fix for ssh authentication failure “no matching host key type found. Their offer: ssh-rsa”

This morning, when I was attempting to ssh to a server, authentication failed with:
no matching host key type found. Their offer: ssh-rsa

The use of RSA signatures using the SHA-1 hash algorithm was deprecated. In OpenSSH 8.8 (released on 2021-09-26), they were disabled by default (openssh):

Potentially-incompatible changes
================================

This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]

As detailed in the openssh release notes, one workaround is to re-enable the broken signing algorithm:

Host haven200
    HostName haven200.com
    HostKeyAlgorithms=+ssh-rsa
    PubkeyAcceptedKeyTypes=+ssh-rsa
...
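
Because the workaround re-enables a broken algorithm, it should stay confined to the hosts that need it. The following Python example is added here and is not from the original post or the OpenSSH project: it audits ssh_config text for options that turn ssh-rsa back on and reports whether each one is limited to a named host, like the haven200 entry, or applies broadly. The function name, the sample config and the choice to treat `Match all` as broad are assumptions of this example.

```python
import re

# Options that can re-enable SHA-1 RSA signatures (lower-cased);
# PubkeyAcceptedKeyTypes is the older alias of PubkeyAcceptedAlgorithms.
OPTIONS = {"hostkeyalgorithms", "pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms"}
WEAK = {"ssh-rsa", "ssh-rsa-cert-v01@openssh.com"}

# Constructed sample: the host-scoped workaround plus a wildcard block.
SAMPLE = """\
Host haven200
    HostName haven200.com
    HostKeyAlgorithms=+ssh-rsa
    PubkeyAcceptedKeyTypes=+ssh-rsa

Host *
    PubkeyAcceptedAlgorithms +ssh-rsa,ssh-ed25519
    HostKeyAlgorithms -ssh-rsa
"""


def audit_ssh_config(text):
    """Return (line_no, scope, option, broad) for each line enabling ssh-rsa."""
    findings = []
    scope, broad = "(global)", True  # options before any Host apply to all hosts
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value"
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            scope = "Host " + value
            # negated patterns (!name) only exclude hosts, so skip them
            pats = [p for p in value.split() if not p.startswith("!")]
            broad = any("*" in p or "?" in p for p in pats)
        elif key == "match":
            scope, broad = "Match " + value, value.lower() == "all"
        elif key in OPTIONS and not value.startswith("-"):
            # a leading '-' removes algorithms; '+' and '^' add to the defaults
            algos = {a.strip() for a in value.lstrip("+^").split(",")}
            if WEAK & algos:
                findings.append((line_no, scope, parts[0], broad))
    return findings


if __name__ == "__main__":
    for line_no, scope, option, broad in audit_ssh_config(SAMPLE):
        print(f"line {line_no}: {option} under {scope}: {'BROAD' if broad else 'host-scoped'}")
```
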

References:
openssh
