
Unable to negotiate with 40.74.28.9 port 22: no matching host key type found. Their offer: ssh-rsa

After start of using NixOS as a new package management system, I get the following error when using git within Azure DevOps repositories and rsa ssh key:

jaroslavbezdek@mac> git pull
Unable to negotiate with 40.74.28.9 port 22: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

What can I do with that, please?

With SSH, there are several different types of keys and RSA keys (the ssh-rsa) kind can support multiple kinds of signatures. The signature type ssh-rsa refers to RSA with SHA-1, whereas the signature type rsa-sha2-256 is RSA with SHA-256 and rsa-sha2-512 is RSA with SHA-512.

In the case of Azure DevOps, it only supports the kind of RSA with SHA-1, and SHA-1 is considered very weak. This essentially means that there are no secure ways to connect to it over SSH, and until they fix that, you're better off using HTTPS or a different hosting service. GitHub, GitLab, and Bitbucket all support secure methods of authentication.

If you really need to use SSH with Azure DevOps at the moment, you can add an entry to your ~/.ssh/config file to work around this:

Host ssh.dev.azure.com
    User git
    PubkeyAcceptedAlgorithms +ssh-rsa
    HostkeyAlgorithms +ssh-rsa

However, be aware that this is a workaround and it's known to be insecure, so you should contact Azure DevOps about this problem and switch to HTTPS until they do, or move elsewhere.

OpenSSH will report the error "no matching host key type found. Their offer: ssh-rsa" if the server it's connecting to is offering to authenticate over ssh-rsa (RSA/SHA1).

Azure Devops (TFS) is offering to authenticate over ssh-rsa. As noted in the answer by bk2204, this algorithm is not considered cryptographically secure.

Since it's considered weak, OpenSSH deprecated using SHA-1 in 8.2 in 2020-02-14.

It is now possible[1] to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

Azure Devops Services subsequently announced a patch to allow SHA-2

On May 5 2021, the Azure DevOps documentation was updated to mention using RSA 3072.

Q: Is this true?

¯\_(ツ)_/¯

Q: Which algorithms are supported?

Doesn't say anywhere. Probably only ssh-rsa.

Q: How do I use a cryptographically unsafe algorithm

Add this

  HostkeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms +ssh-rsa

To your ~/.ssh/config

Host your-azure-devops-domain
  IdentityFile ~/.ssh/id_rsa
  IdentitiesOnly yes
  HostkeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms +ssh-rsa

Q: Is Microsoft aware that this is a problem?

Yes they are.

Q: Do they care?

No it's a feature

According to this post, you can add ssh.dev.azure.com host config to your ~/.ssh/config file:

Final ~/.ssh/config that worked for me:

Host ssh.dev.azure.com
  HostName ssh.dev.azure.com
  User git
  IdentityFile ~/.ssh/id_rsa
  IdentitiesOnly yes
  PubkeyAcceptedAlgorithms +ssh-rsa
  HostkeyAlgorithms +ssh-rsa

scp or ssh can use this:

ssh -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa  user@myhost -p 22

I also got this problem, this worked for me:

cd ~/.ssh/
vim config

Host [Hostname]
User [User]
PubkeyAcceptedAlgorithms +ssh-rsa
HostkeyAlgorithms +ssh-rsa

I got this problem for a few hostnames so now I have several of those configurations in my ssh config file.

With NixOS 21.11 OpenSSH got updated to 8.8p1 (see Changelog). OpenSSH deprecated ssh-rsa along with a couple of other insecure ciphers.

If I understood correctly, you are only using nix as package manager and not NixOS. If that is the case you can follow the guides in the remaining answers (edit ~/.ssh/config).

However, when you are using NixOS to configure your server you can re-enable ssh-rsa for the ssh client, by adding to your configuration.nix:

programs.ssh.extraConfig = ''
  PubkeyAcceptedAlgorithms +ssh-rsa
  HostkeyAlgorithms +ssh-rsa
'';

To re-enable the insecure ssh-rsa cipher for your openssh server (e.g. when legacy clients connect to the server), you can simply add the following lines to your configuration.nix:

services.openssh.extraConfig = ''
  PubkeyAcceptedAlgorithms +ssh-rsa
  HostkeyAlgorithms +ssh-rsa
'';

Correction for the posted answer. I had the same issue and I fixed it with the following snippet from above with a tiny fix:

Host YOUR-DOMAIN
Hostname YOUR-DOMAIN
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
HostKeyAlgorithms=+ssh-rsa
PubkeyAcceptedAlgorithms=+ssh-rsa

Don't forget to replace YOUR-DOMAIN with the domain you are using on AzureDevOps.

For those using Azure DevOps, you should use the following ~/.ssh/config, as Azure has a thing with varying what url it returns in its Clone Repository:

Host ssh.dev.azure.com
  PubkeyAcceptedAlgorithms +ssh-rsa
  HostkeyAlgorithms +ssh-rsa

Host vs-ssh.visualstudio.com
  PubkeyAcceptedAlgorithms +ssh-rsa
  HostkeyAlgorithms +ssh-rsa

The format of the workaround wasn't working for me for windows 10 and git version 2.32.0. This snippet worked for me

Host = Hostname.com
IdentityFile = ~/.ssh/id_rsa
IdentitiesOnly = yes
HostkeyAlgorithms = +ssh-rsa
PubkeyAcceptedAlgorithms = +ssh-rsa

I googled a lot about this mistake: I have Ubuntu 22.04 and here is all my configuration.
I hope it will help someone.

linux@linux:~$ cat /home/username/.ssh/config

Host *

KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512
Ciphers aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr

User username # it depends on your login; this one only for understanding

PubkeyAcceptedAlgorithms +ssh-rsa
HostkeyAlgorithms +ssh-rsa

And:

/etc/ssh/sshd_config

# Ciphers and keying

Ciphers             aes128-cbc,3des-cbc
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512

HostkeyAlgorithms ssh-dss,ssh-rsa
KexAlgorithms diffie-hellman-group1-sha1

I had this issue and it turned out to be because my computer was referencing the wrong ssh.exe file.

Run the command:

which ssh.exe

If this does not return OpenSSH/ssh.exe then this is likely your issue.

Take the return value and rename the ssh.exe file as ssh.exe.org

Run

which ssh.exe

again and it should now show the OpenSSH/ssh.exe file.

I also faced this issue on my windows machine while setting up the SSH key for bitbucket

Initially, the config file was not created when I generated the public and private key files using the ssh-keygen command, so I used GitBash to create the config file and wrote the below content on it.

To create the file

touch config

To open and update the created file

nano config

Content added to the config file

Host [Hostname]
   HostName [Hostname]
   IdentityFile ~/.ssh/id_rsa
   IdentitiesOnly yes
   PubkeyAcceptedAlgorithms +ssh-rsa
   HostkeyAlgorithms +ssh-rsa

Note: If you are using your organization's bitbucket account, the hostname will be different or else by default it will be bitbucket.org

In your ~/.ssh/config file, add these lines.

Host *.drush.in
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
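
A defensive check for the workaround that the answers above share, as an added example that is not part of any answer on this page: it parses ssh_config text and reports every place where ssh-rsa, ssh-dss or diffie-hellman-group1-sha1 is enabled, marking entries that apply to all hosts instead of one named host. The function name `audit` and the sample config are constructed for illustration.

```python
import re

# SHA-1-based algorithms that configs like the ones on this page re-enable.
LEGACY = {
    "hostkeyalgorithms": {"ssh-rsa", "ssh-dss"},
    "pubkeyacceptedalgorithms": {"ssh-rsa", "ssh-dss"},
    "pubkeyacceptedkeytypes": {"ssh-rsa", "ssh-dss"},  # older name of the option above
    "kexalgorithms": {"diffie-hellman-group1-sha1"},
}
# ssh_config accepts "Keyword value", "Keyword=value" and "Keyword = value".
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")

# Constructed sample: one scoped entry and one that applies to every host.
SAMPLE = """\
Host ssh.dev.azure.com
    User git
    PubkeyAcceptedAlgorithms +ssh-rsa
    HostkeyAlgorithms +ssh-rsa

Host *
    KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group16-sha512
    HostKeyAlgorithms=+ssh-rsa
"""


def audit(config_text):
    """Return (scope, option, algorithm, applies_to_all_hosts) in file order."""
    scope, is_global = "*", True  # options before the first Host line are global
    findings = []
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or comment
        option, value = m.group(1), m.group(2).strip()
        key = option.lower()
        if key == "host":
            scope, is_global = value, "*" in value.split()
        elif key == "match":
            scope, is_global = "Match " + value, value.lower() == "all"
        elif key in LEGACY and not value.startswith("-"):  # "-" removes algorithms
            for alg in value.lstrip("+^").split(","):
                if alg.strip() in LEGACY[key]:
                    findings.append((scope, option, alg.strip(), is_global))
    return findings


if __name__ == "__main__":
    for scope, option, alg, is_global in audit(SAMPLE):
        note = "applies to ALL hosts" if is_global else "scoped to this host pattern"
        print(f"[{scope}] {option} enables {alg} ({note})")
```

Entries reported as applying to all hosts weaken every SSH connection made with that config, so the workaround is best kept under the single Host entry that needs it.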
