Sometimes git clone/pull using SSH keys would fail with the following message even when the SSH keypair is setup on the server:
Unable to negotiate with <GIT_SERVER_IP> port 22: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
The resolution is to ask git to use the the following SSH options:
GIT_SSH_COMMAND="ssh -vvv -oHostKeyAlgorithms=+ssh-rsa -oIdentityFile=~/.ssh/id_rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa"
-
(optional)
-vvv: Very very verbose. Prints out lots of details as the SSH connection is made -
-oHostKeyAlgorithms=+ssh-rsa: Usessh-rsaduring handshakes with the server -
-oIdentityFile=: Path to the private SSH key for authentication -
-oPubkeyAcceptedKeyTypes=ssh-rsa: Allowssh-rsa
Examples: Azure Dev Ops (ADO) repo using SSH-RSA key pair
- Clone :
GIT_SSH_COMMAND="ssh -vvv -oHostKeyAlgorithms=+ssh-rsa -oIdentityFile=~/.ssh/id_rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa" git clone [email protected]:v3/Org/Project/Repo - Pull:
GIT_SSH_COMMAND="ssh -vvv -oHostKeyAlgorithms=+ssh-rsa -oIdentityFile=~/.ssh/id_rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa" git pull
You can also update your SSH config file to set the aboce options by default for this Git remote. On Linux, add the following to ~/.ssh/config file:
Host gitserver1
HostName vs-ssh.visualstudio.com
User bizair
IdentityFile ~/.ssh/id_rsa
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa