git错误未找到匹配的主机密钥类型。他们的报价:SSH-RSA
时会遇到以下错误?
$ git pull
Unable to negotiate with 172.16.42.42 port 22: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
使用 git :如何解决此错误
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(18)
根据这篇文章,您可以将
ssh.dev.azure.com主机>主机配置添加到您的〜/.ssh/config文件:According to this post, you can add
ssh.dev.azure.comhost config to your~/.ssh/configfile:SCP或SSH可以使用此
scp or ssh could used this
对于使用Azure DevOps的人,您应该使用以下〜/.ssh/config ,因为Azure具有在其 clone储存库中返回的url的变化:
For those using Azure DevOps, you should use the following ~/.ssh/config, as Azure has a thing with varying what url it returns in its Clone Repository:
在您的
〜/.ssh/config文件中,添加这些行。In your
~/.ssh/configfile, add these lines.有2个步骤:
将配置文件(无扩展)添加到您的
〜/.ssh/.ssh/目录。将以下内容添加到配置文件:
There are 2 steps:
Add config file (without extension) to your
~/.ssh/directory.Add below content to the config file:
我也遇到了这个问题,这对我有用:
我在一些主机名中遇到了这个问题,所以现在我的SSH配置文件中有几个配置。
I also got this problem, this worked for me:
I got this problem for a few hostnames so now i have several of those configurations in my ssh config file.
使用Nixos 21.11 Openssh更新为8.8p1(请参阅)。 Openssh弃用了SSH-RSA以及其他几个不安全的密码。
如果我正确理解的话,您仅使用NIX作为软件包管理器而不是Nixos。如果是这种情况,则可以在其余答案中遵循指南(编辑
〜/.ssh/config)。但是,当您使用nixos配置服务器时,可以通过添加到您的
configuration.nix:重新启用
ssh-rsa。不安全的SSH-RSA密码用于OpenSSH服务器(例如,当Legacy客户端连接到服务器时),您只需将以下行添加到configuration.nix:With NixOS 21.11 openSSH got updated to 8.8p1 ( see Changelog ). OpenSSH deprecated ssh-rsa along with a couple of other insecure ciphers.
If i understood correctly, you are only using nix as package manager and not NixOS. If that is the case you can follow the guides in the remaining answers (edit
~/.ssh/config).However, when you are using NixOS to configure your server you can re-enable
ssh-rsafor the ssh client, by adding to yourconfiguration.nix:To re-enable the insecure ssh-rsa cipher for your openssh server (e.g. when legacy clients connect to the server), you can simply add the following lines to your
configuration.nix:更正已发布的答案。我遇到了同样的问题,并用上面的以下片段修复了一个很小的修复程序:
不要忘记将
您的域用您在Azuredevops上使用的域替换。Correction for the posted answer. I had the same issue and I fixed it with the following snippet from above with a tiny fix:
Dont forget to replace
YOUR-DOMAINwith the domain you are using on AzureDevOps.解决方案的格式对我来说在Windows 10和GIT版本2.32.0上不适用于我。这个片段对我有用
主机 = hostname.com
IdentityFile =〜/.ssh/id_rsa
身份 =是
hostKeyalgorithms = +ssh-rsa
PubKeyAcceptedalgorithms = +SSH-RSA
The format of the workaround wasn't working for me for windows 10 and git version 2.32.0. This snippet worked for me
Host = Hostname.com
IdentityFile = ~/.ssh/id_rsa
IdentitiesOnly = yes
HostkeyAlgorithms = +ssh-rsa
PubkeyAcceptedAlgorithms = +ssh-rsa
我谷歌搜索了很多错误:我有Ubuntu 22.04和我所有的配置。
我希望这会帮助某人。
linux@linux:〜$ cat/home/username/.ssh/configand:
/etc/etc/ssh/ssh/sshd_configI googled a lot a bout this mistake: I have Ubuntu 22.04 and here all my configuration.
I hope it will help someone.
linux@linux:~$ cat /home/username/.ssh/configAnd:
/etc/ssh/sshd_config简明的解决方案:
ssh -ohostkeyalgorithms =+ssh-rsa [email  procearted]A concise solution to this:
ssh -oHostKeyAlgorithms=+ssh-rsa [email protected]我还在Windows计算机上设置BitBucket的SSH键时也遇到了此问题
,当我使用 ssh-keygen 命令生成公共和私有密钥文件时,并未创建配置文件,所以我使用 gitbash 创建配置文件并在其上写下以下内容。
要创建文件
注意的创建文件
以打开和更新添加到配置文件
内容:如果您使用组织的BitBucket帐户,则主机名将有所不同,否则默认情况下它将是bitbucket.org
I also faced this issue on my windows machine while setting up the SSH key for bitbucket
Initially, the config file was not created when I generated the public and private key files using the ssh-keygen command, so I used GitBash to create the config file and wrote the below content on it.
To create the file
To open and update the created file
Content added to the config file
Note: If you are using your organization's bitbucket account, the hostname will be different or else by default it will be bitbucket.org
通过这种方式,它可以工作:
By this way, it worked:
我遇到了这个问题,事实证明是因为我的计算机引用了错误的ssh.exe文件。
运行命令:
如果这不返回openssh/ssh.exe,则可能是您的问题。
以返回值并将ssh.exe文件重命名为ssh.exe.org
run
ssh.exe再次将其重命名为,现在应该显示openssh/ssh.exe文件。
I had this issue and it turned out to be because my computer was referencing the wrong ssh.exe file.
Run the command:
If this does not return OpenSSH/ssh.exe then this is likely your issue.
Take the return value and rename the ssh.exe file as ssh.exe.org
Run
which ssh.exeagain and it should now show the OpenSSH/ssh.exe file.
对于MacOS,您实际上需要编辑
/etc/ssh/ssh_config而不是.ssh/config。我没有应用本地配置。For macOS, you actually need to edit
/etc/ssh/ssh_configinstead of.ssh/config. The local config wasn't applied for me.您只需要添加它:
以〜/.ssh/config
享受。 )
You just need to add it:
At your ~/.ssh/config
Enjoy. ;)
使用SSH,有几种不同类型的键和RSA键(
ssh-rsa)可以支持多种签名。签名类型ssh-rsa用SHA-1指的是RSA,而签名类型rsa-sha2-256是带有SHA-256和RSA-SHA2的RSA -512是带有SHA-512的RSA。就Azure DevOps而言,它仅支持SHA-1的RSA类型,而SHA-1被认为非常弱。从本质上讲,这意味着没有安全的方法可以通过SSH连接到它,直到他们解决此问题之前,最好使用HTTPS或其他托管服务。 GitHub,GitLab和Bitbucket都支持安全身份验证的安全方法。
如果您目前确实需要与Azure DevOps一起使用SSH,则可以在
〜/.ssh/config文件中添加一个条目以解决此问题:但是,请注意,这是解决方法众所周知,这是不安全的,因此您应该联系有关此问题的Azure Devops,然后切换到HTTPS,直到它们做到或移动到其他地方。
With SSH, there are several different types of keys and RSA keys (the
ssh-rsa) kind can support multiple kinds of signatures. The signature typessh-rsarefers to RSA with SHA-1, whereas the signature typersa-sha2-256is RSA with SHA-256 andrsa-sha2-512is RSA with SHA-512.In the case of Azure DevOps, it only supports the kind of RSA with SHA-1, and SHA-1 is considered very weak. This essentially means that there are no secure ways to connect to it over SSH, and until they fix that, you're better off using HTTPS or a different hosting service. GitHub, GitLab, and Bitbucket all support secure methods of authentication.
If you really need to use SSH with Azure DevOps at the moment, you can add an entry to your
~/.ssh/configfile to work around this:However, be aware that this is a workaround and it's known to be insecure, so you should contact Azure DevOps about this problem and switch to HTTPS until they do, or move elsewhere.
Openssh将报告错误
找不到匹配的主机密钥类型。他们的报价:SSH-RSA如果服务器连接到的服务器提供通过
ssh-rsa(rsa/sha1)进行身份验证。Azure Devops(TFS)提供通过
ssh-rsa进行身份验证。如 BK2204的答案,此算法在密码上不被视为密码。由于被认为是弱的,因此Openssh reteprecated 在
8.2在2020-02-14中。azure devops 服务随后宣布了一个补丁允许
SHA-2在2021年5月5日,Azure DevOps文档是更新使用
RSA 3072提及。问:这是真的吗?
`\ _(ツ)_/Q:支持哪种算法?
没有在任何地方说。可能只有
ssh-rsa。问:如何使用加密算法不安全算法
将其添加
到您的
〜/.ssh/configq:Microsoft是否知道这是一个问题?
yes y是
<
是。
问:他们在乎吗?
no
>
特征
OpenSSH will report the error
no matching host key type found. Their offer: ssh-rsaif the server it's connecting to is offering to authenticate over
ssh-rsa(RSA/SHA1).Azure Devops (TFS) is offering to authenticate over
ssh-rsa. As noted in the answer by bk2204, this algorithm is not considered cryptographically secure.Since it's considered weak, OpenSSH deprecated using
SHA-1in8.2in 2020-02-14.Azure Devops Services subsequently announced a patch to allow
SHA-2On may 5 2021, the Azure DevOps documentation was updated to mention using
RSA 3072.Q: Is this true?
¯\_(ツ)_/¯Q: Which algorithms are supported?
Doesn't say anywhere. Probably only
ssh-rsa.Q: How do I use a cryptographically unsafe algorithm
Add this
To your
~/.ssh/configQ: Is Microsoft aware that this is a problem?
Yes
they
are.
Q: Do they care?
No
it's a
feature