解决 ssh 找不到对应主机密钥类型

威廉姆施

解决办法

如果最近升级到了 openssh 8.8 版，你会发现连接某些之前连接得好好的服务器突然无法连接：

1. Unable to negotiate with x.x.x.x port 2222: no matching host key type found. Their offer: ssh-rsa

复制代码

解决办法是 ssh 命令指定算法：

1. ssh -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa user@host -p 2222

复制代码

上面比较麻烦，可以修改 ssh 配置文件 ~/.ssh/config，对于无法成功连接的 host，增加以下配置项:

1. HostKeyAlgorithms +ssh-rsa
2. PubkeyAcceptedKeyTypes +ssh-rsa

复制代码

完整的配置如下：

1. Host jump
2.     Port 2222
3.     HostName x.x.x.x
4.     User ***
5.     IdentityFile ~/.ssh/id_rsa
6.     UseKeychain yes
7.     AddKeysToAgent yes
8.     PreferredAuthentications publickey
9.     HostKeyAlgorithms +ssh-rsa
10.     PubkeyAcceptedKeyTypes +ssh-rsa

复制代码

问题原因

根据 OpenSSH 8.8 Release Notes 信息：
[code]This release disables RSA signatures using the SHA-1 hash algorithmby default. This change has been made as the SHA-1 hash algorithm iscryptographically broken, and it is possible to create chosen-prefixhash collisions for