Cloning from azure devops using ssh config

Time:04-08

I have more than 2 SSH keys which I use to connect to different servers. To be able to clone from Azure DevOps using SSH, I created an SSH key inside ~/.ssh/ad-azure and linked it in the configuration file as shown below.

Host vs-ssh.visualstudio.com
  HostName vs-ssh.visualstudio.com
  User amir
  IdentityFile ~/.ssh/ad-azure
  IdentitiesOnly yes
  PubkeyAcceptedKeyTypes ssh-rsa

Now when I use git clone ssh,

git clone [email protected]:v3/test/testProject

It throws the following error.

Unable to negotiate with 00.74.28.28 port 22: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

Steps I have followed.

  1. Created ad-azure ssh key
  2. Added the key to Azure DevOps "SSH Public Keys"
  3. Trying to connect, failing

I already looked into other questions, everything seems ok to me. Can someone spot the issue?

CodePudding user response:

As mentioned in this thread:

The OpenSSH project has removed the public key algorithm ssh-rsa as of Version 8.8. Currently, Azure Devops still only supports ssh-rsa.
As a workaround, with OpenSSH 8.8, you can add the following to ~/.ssh/config:

Host ssh.dev.azure.com
  HostkeyAlgorithms ssh-rsa
  PubkeyAcceptedAlgorithms ssh-rsa

There is a ticket requesting support for a stronger algorithm like sha2.

This workaround should be considered insecure going forward because, as I mentioned on the February 2020 issue, and as the OpenSSH project has stated repeatedly, SHA-1 attacks can be accomplished for as little as $50k USD these days.

Please ensure that the Azure Devops host key is signed according to RFC8332 RSA/SHA-256/512 going forward.
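Because the workaround re-enables a SHA-1 signature algorithm, it is worth checking how far it reaches in a given ~/.ssh/config. The following is an added example, not code from the original post or the quoted thread: it scans a config for options that enable ssh-rsa and reports whether each one is global, scoped and appended with `+` (so the defaults stay available), or replaces the default list. The function name, verdict labels and sample config are assumptions made for illustration.

```python
# Added example: audit an ssh_config for options that enable SHA-1 "ssh-rsa".
# Client options that take a signature-algorithm list; PubkeyAcceptedKeyTypes
# is the older name of PubkeyAcceptedAlgorithms.
ALGO_KEYS = {"hostkeyalgorithms", "pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes"}

def audit_ssh_rsa(config_text):
    """Return (hosts, keyword, value, verdict) for each option enabling ssh-rsa."""
    findings = []
    hosts = ["*"]  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value"
        parts = line.replace("=", " ", 1).split()
        keyword, args = parts[0].lower(), parts[1:]
        if keyword in ("host", "match"):
            # "Match all" is as broad as "Host *"; only a literal "*" pattern
            # is counted as global here, wider wildcards are not analysed.
            hosts = ["*"] if [a.lower() for a in args] == ["all"] else args
            continue
        if keyword not in ALGO_KEYS or not args:
            continue
        value = args[0]
        if value.startswith("-"):  # a "-list" removes algorithms, nothing enabled
            continue
        if "ssh-rsa" not in value.lstrip("+^").split(","):
            continue
        if "*" in hosts:
            verdict = "GLOBAL"             # weak algorithm allowed for every server
        elif value[0] in "+^":
            verdict = "SCOPED"             # added to the defaults for these hosts only
        else:
            verdict = "REPLACES_DEFAULTS"  # only the listed algorithms stay enabled
        findings.append((" ".join(hosts), parts[0], value, verdict))
    return findings

# Constructed sample config, not taken from a real user's file.
SAMPLE = """\
Host vs-ssh.visualstudio.com
  PubkeyAcceptedKeyTypes ssh-rsa
Host ssh.dev.azure.com
  HostkeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms +ssh-rsa
Host *
  HostkeyAlgorithms=+ssh-rsa
  PubkeyAcceptedAlgorithms rsa-sha2-512,rsa-sha2-256
"""

if __name__ == "__main__":
    for finding in audit_ssh_rsa(SAMPLE):
        print("\t".join(finding))
```

A `REPLACES_DEFAULTS` entry keeps the client on ssh-rsa for that host even after the server starts offering rsa-sha2-256/512, while a `GLOBAL` entry extends the exception to every server the client talks to.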
