fleet: No matching host key type found. Their offer: ssh-rsa
Hello,
When we proceed to an update of Rancher from 2.6.3 to 2.6.4 (so upgrade fleet to 0.3.9), we faced an issue regarding Fleet. Everything was fine on 2.6.3 but since we proceeded to the update, we are facing this issue. Here is the message we have of every GitRepo:
git ls-remote ssh://git@bitbucket.mydomain.fr:8888/PP0/mygit.git refs/heads/master error: exit status 128, detail: Unable to negotiate with x.x.x.x port 8888: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Regards
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Reactions: 6
- Comments: 18 (7 by maintainers)
We have seen the same issue and as a workaround switched to https based git repo configs…
Hi, I confirm that! You Can close this issue.
Regards
Hi Folks,
@dtrouillet please check the ssh version of your Bitbucket Repository if you can.
I was having similar Problem with Git Update (latest Version for my client pc was the 2.37.2) which come with a OpenSSH > 8.8. At release notes https://www.openssh.com/txt/release-8.8 i read the “Potentially-incompatible changes” and with some extra config in the config file under .ssh folder with next properties: Host XXX HostkeyAlgorithms +ssh-rsa PubkeyAuthentication yes PubkeyAcceptedKeyTypes=+ssh-rsa IdentityFile ~/.ssh/id_rsa_old We got it.
Take into account this is a workaround. Keys and OpenSSH should be updated in both sides of the SSH Connection.
Please read link with similar issue, specially Benchmark at the end:
https://ikarus.sg/rsa-is-not-dead/
Warning, the problem is related to the algorithm used (ssh-rsa) by the server for the ssh host key. So it may not be reproducible with Github. And I confirm that the configuration has absolutely not changed since version 2.6.3 of Rancher.
I don’t believe any of your suggestions apply. It works with the previous version and doesn’t work with the update with the exact same settings and setup. There is clearly an issue.
We have the same issue pointing to an Azure DevOps git repo with an SSH key. This is pretty bad, are there no tests to validate changes? This is a pretty basic use case.