I have more than 2 SSH keys which I use to connect to different servers. To be able to clone from Azure DevOps using SSH, I created an SSH key inside ~/.ssh/ad-azure and linked it in the configuration file as shown below.
Host vs-ssh.visualstudio.com
  HostName vs-ssh.visualstudio.com
  User amir
  IdentityFile ~/.ssh/ad-azure
  IdentitiesOnly yes
  PubkeyAcceptedKeyTypes ssh-rsa
Now when I use git clone ssh,
git clone [email protected]:v3/test/testProject
It throws the following error.
Unable to negotiate with 00.74.28.28 port 22: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
Steps I have followed.
- Created ad-azure SSH key
- Added the key to Azure DevOps "SSH Public Keys"
- Trying to connect, failing
I already looked into other questions, everything seems ok to me. Can someone spot the issue?
CodePudding user response:
As mentioned in this thread:
The OpenSSH project has removed the public key algorithm ssh-rsa as of Version 8.8. Currently, Azure Devops still only supports ssh-rsa.
For a workaround, with OpenSSH 8.8, you can add the following to ~/.ssh/config:
Host ssh.dev.azure.com
  HostkeyAlgorithms ssh-rsa
  PubkeyAcceptedAlgorithms ssh-rsa
There is a ticket requesting the support for a stronger algorithm like sha2.
This workaround should be considered insecure going forward because, as I mentioned on the February 2020 issue, and as the OpenSSH project has stated repeatedly, SHA-1 attacks can be accomplished for as little as $50k USD these days.
Please ensure that the Azure Devops host key is signed according to RFC8332 RSA/SHA-256/512 going forward.
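An added example, not part of the original question or answer: a small Python audit of ssh_config text that reports whether ssh-rsa is effectively enabled for a given host in the host-key and public-key algorithm lists, and flags wildcard Host blocks that re-enable it for more than one server. The function names, the BROAD sample and the host example.invalid are constructed for illustration; pattern matching via fnmatch is an approximation of ssh's own matching.

```python
import fnmatch
import re

HOSTKEY_OPTS = ("hostkeyalgorithms",)
# PubkeyAcceptedKeyTypes is the older name of PubkeyAcceptedAlgorithms.
PUBKEY_OPTS = ("pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes")
LINE = re.compile(r"\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*\S)")  # keyword, separator, value

def parse_blocks(text):
    """Split ssh_config text into [(host_patterns, {option: value}), ...]."""
    blocks = [(["*"], {})]  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        m = LINE.match(raw)  # comment and blank lines do not match and are skipped
        if m and m.group(1).lower() == "host":
            blocks.append((m.group(2).split(), {}))
        elif m:
            blocks[-1][1].setdefault(m.group(1).lower(), m.group(2))
    return blocks

def matches(patterns, host):
    """A block applies if a positive pattern matches and no '!' pattern does."""
    hit = lambda p: fnmatch.fnmatchcase(host, p)
    return (any(hit(p) for p in patterns if not p.startswith("!"))
            and not any(hit(p[1:]) for p in patterns if p.startswith("!")))

def enables_ssh_rsa(value):
    """True if an algorithm list names ssh-rsa; a '-' list removes, so it never does."""
    return not value.startswith("-") and "ssh-rsa" in value.lstrip("+^").split(",")

def audit(text, host):
    """Effective ssh-rsa settings for `host`, plus wildcard blocks that enable it."""
    eff, broad = {}, []
    for patterns, opts in parse_blocks(text):
        if matches(patterns, host):
            for key, value in opts.items():
                eff.setdefault(key, value)  # ssh keeps the first value it obtains
        weak = any(enables_ssh_rsa(opts.get(o, "")) for o in HOSTKEY_OPTS + PUBKEY_OPTS)
        if weak and any(c in p for p in patterns for c in "*?"):
            broad.append(" ".join(patterns))
    return {"hostkey": any(enables_ssh_rsa(eff.get(o, "")) for o in HOSTKEY_OPTS),
            "pubkey": any(enables_ssh_rsa(eff.get(o, "")) for o in PUBKEY_OPTS),
            "broad": broad}

# Configs from the page (question's, abridged; then the answer's) and a constructed broad one.
QUESTION = "Host vs-ssh.visualstudio.com\n  IdentityFile ~/.ssh/ad-azure\n  PubkeyAcceptedKeyTypes ssh-rsa\n"
ANSWER = "Host ssh.dev.azure.com\n  HostkeyAlgorithms ssh-rsa\n  PubkeyAcceptedAlgorithms ssh-rsa\n"
BROAD = "Host *\n  HostKeyAlgorithms +ssh-rsa\n"
```

Calling `audit(QUESTION, "vs-ssh.visualstudio.com")` returns `hostkey` as False: that config changes only the public-key list, while the "no matching host key type found" error is decided by HostKeyAlgorithms. A non-empty `broad` list means the SHA-1 downgrade is not confined to the one server that needs it.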