After starting to use NixOS as a new package management system, I get the following error when using git within Azure DevOps repositories and an RSA SSH key:
jaroslavbezdek@mac> git pull
Unable to negotiate with 40.74.28.9 port 22: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
What can I do with that, please?
CodePudding user response:
With SSH, there are several different types of keys and RSA keys (the ssh-rsa kind) can support multiple kinds of signatures. The signature type ssh-rsa refers to RSA with SHA-1, whereas the signature type rsa-sha2-256 is RSA with SHA-256 and rsa-sha2-512 is RSA with SHA-512.
In the case of Azure DevOps, it only supports the kind of RSA with SHA-1, and SHA-1 is considered very weak. This essentially means that there are no secure ways to connect to it over SSH, and until they fix that, you're better off using HTTPS or a different hosting service. GitHub, GitLab, and Bitbucket all support secure methods of authentication.
If you really need to use SSH with Azure DevOps at the moment, you can add an entry to your ~/.ssh/config file to work around this:
Host ssh.dev.azure.com
    User git
    PubkeyAcceptedAlgorithms ssh-rsa
    HostkeyAlgorithms ssh-rsa
However, be aware that this is a workaround and it's known to be insecure, so you should contact Azure DevOps about this problem and switch to HTTPS until they do, or move elsewhere.
CodePudding user response:
According to this post:
Final ~/.ssh/config that worked for me:
Host ssh.dev.azure.com
    HostName ssh.dev.azure.com
    User git
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
    PubkeyAcceptedAlgorithms ssh-rsa
    HostkeyAlgorithms ssh-rsa
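An added example, not part of either answer: a Python check that scans ssh_config text for entries that re-enable the SHA-1 ssh-rsa signature algorithm and reports whether each one is scoped to a named host (as in the workaround above) or applies to a wildcard pattern. The function name and the sample config are constructed for illustration, and Match blocks are assumed not to be in use.

```python
import re

# Options that control accepted signature algorithms (lower-cased for matching).
# PubkeyAcceptedKeyTypes is the older name of PubkeyAcceptedAlgorithms.
ALG_OPTIONS = {"hostkeyalgorithms", "pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes"}


def find_ssh_rsa_overrides(config_text):
    """Return (host_patterns, option, is_wildcard) for each line enabling ssh-rsa."""
    findings = []
    patterns = ["*"]  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            patterns = value.split()
            continue
        # A leading "-" removes algorithms, so it cannot enable ssh-rsa.
        if key not in ALG_OPTIONS or value.startswith("-"):
            continue
        # A leading "+" appends to the defaults and "^" prepends to them.
        algs = [a.strip() for a in value.lstrip("+^").split(",")]
        if "ssh-rsa" in algs:
            wildcard = any(("*" in p or "?" in p) and not p.startswith("!") for p in patterns)
            findings.append((tuple(patterns), parts[0], wildcard))
    return findings


# Constructed sample: the scoped workaround from the answers plus a too-broad entry.
SAMPLE_CONFIG = """\
Host ssh.dev.azure.com
    User git
    PubkeyAcceptedAlgorithms ssh-rsa
    HostkeyAlgorithms ssh-rsa

Host *
    HostKeyAlgorithms=+ssh-rsa
"""

if __name__ == "__main__":
    for hosts, option, wildcard in find_ssh_rsa_overrides(SAMPLE_CONFIG):
        scope = "applies to a wildcard pattern" if wildcard else "scoped to named host"
        print(f"{' '.join(hosts)}: {option} enables ssh-rsa ({scope})")
```

Entries reported as applying to a wildcard pattern allow SHA-1 host key or public key signatures for every server the client connects to, not only ssh.dev.azure.com.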