[Git FAQs] Git clone with SSH HostkeyAlgorithms and PubkeyAcceptedKeyTypes options

no matching host key type found. Their offer: ssh-rsa,ssh-dss

You may see an error no matching host key type found. Their offer: ssh-rsa,ssh-dss when us git clone a remote project / repository with SSH.

1
2
3
$ git clone ssh://git@<Your Git Host>:<Your Git Port>/<Your Group>/<Your Project>.git
Unable to negotiate with <Your Git Host> port <Your Git Port>: no matching host key type found. Their offer: ssh-rsa,ssh-dss
fatal: Could not read from remote repository.

OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use.

“OpenSSH Legacy Options”:http://www.openssh.com/legacy.html


Solution

~/.ssh/config

Create or edit ~/.ssh/config file append HostKeyAlgorithms +ssh-rsa and PubkeyAcceptedKeyTypes +ssh-rsa.

1
2
3
4
5
6
7
8
9
10
11
12
13
# .ssh/config

# Global
# Host *
# HostkeyAlgorithms +ssh-rsa
# PubkeyAcceptedKeyTypes +ssh-rsa

# Host
Host <Your Git Name>
HostName <Your Git Host>
Port <Your Git Port>
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

Repository level configuration

Set SSH Options into .git/config file

1
$ git config core.sshCommand 'ssh -o HostKeyAlgorithms +ssh-rss -o PubkeyAcceptedKeyTypes +ssh-rsa'

Command Options

The Released git 2.3 supports a new variable GIT_SSH_COMMAND which can be used to define a command WITH parameters.

1
$ GIT_SSH_COMMAND="ssh -o HostKeyAlgorithms +ssh-rss -o PubkeyAcceptedKeyTypes +ssh-rsa" git clone ssh://git@<Your Git Host>:<Your Git Port>/<Your Group>/<Your Project>.git

References

[1] OpenSSH: Legacy Options - http://www.openssh.com/legacy.html

[2] Passing ssh options to git clone - Stack Overflow - https://stackoverflow.com/questions/7772190/passing-ssh-options-to-git-clone