fleet: No matching host key type found. Their offer: ssh-rsa

Hello,

When we proceed to an update of Rancher from 2.6.3 to 2.6.4 (so upgrade fleet to 0.3.9), we faced an issue regarding Fleet. Everything was fine on 2.6.3 but since we proceeded to the update, we are facing this issue. Here is the message we have of every GitRepo:

git ls-remote ssh://git@bitbucket.mydomain.fr:8888/PP0/mygit.git refs/heads/master error: exit status 128, detail: Unable to negotiate with x.x.x.x port 8888: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Regards

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 6
  • Comments: 18 (7 by maintainers)

Most upvoted comments

We have seen the same issue and as a workaround switched to https based git repo configs…

+2
Martin-Weiss on Apr 26, 2022

Hi, I confirm that! You Can close this issue.

Regards

+1
dtrouillet on Sep 28, 2022

Hi Folks,

@dtrouillet please check the ssh version of your Bitbucket Repository if you can.

I was having similar Problem with Git Update (latest Version for my client pc was the 2.37.2) which come with a OpenSSH > 8.8. At release notes https://www.openssh.com/txt/release-8.8 i read the “Potentially-incompatible changes” and with some extra config in the config file under .ssh folder with next properties: Host XXX HostkeyAlgorithms +ssh-rsa PubkeyAuthentication yes PubkeyAcceptedKeyTypes=+ssh-rsa IdentityFile ~/.ssh/id_rsa_old We got it.

Take into account this is a workaround. Keys and OpenSSH should be updated in both sides of the SSH Connection.

Please read link with similar issue, specially Benchmark at the end:

https://ikarus.sg/rsa-is-not-dead/

+1
harryssuperman on Sep 22, 2022

Warning, the problem is related to the algorithm used (ssh-rsa) by the server for the ssh host key. So it may not be reproducible with Github. And I confirm that the configuration has absolutely not changed since version 2.6.3 of Rancher.

+1
dtrouillet on Jul 9, 2022

I don’t believe any of your suggestions apply. It works with the previous version and doesn’t work with the update with the exact same settings and setup. There is clearly an issue.

+1
gravufo on Jul 8, 2022

We have the same issue pointing to an Azure DevOps git repo with an SSH key. This is pretty bad, are there no tests to validate changes? This is a pretty basic use case.

+1
gravufo on May 4, 2022
Read more comments on GitHub
← fleet: invalid_label_reference for magic labels
fleet: [SURE-5668] Fleet BundleDeployments does not reflect new labels from Bundles →