Module SSH no matching host key type found & Handshake failed: no matching host key format

Jerome · September 30, 2022, 6:47am

Hello,

I use the module SSH in my scenario, and from a few moments, the connexion to my server not work.

I Look, and I see that, the module ssh in make can’t connect to my server. I look the log on my server and I see :
Unable to negotiate with 54.78.149.203 port 57967: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]

I read on internet, and a found some solution, experience, but nothing work …

I try to update the ~/.ssh/config file with
host *
HostKeyAlgorithms +ssh-rsa

but it s not work.

Are you a best practice to retablish the connection to my server ?

Cdt

make_expert · September 30, 2022, 10:57am

Hi @Jerome

Post a few screenshots of how you set up the connection or module, and hide credentials when you post this.

Jerome · September 30, 2022, 11:54am

I have try to recreate a pair of ssh2:256 key …

Jerome · September 30, 2022, 12:53pm

The log of ssh in debug mode when I try to valid the connexion beewten Make an my server …

sshd[12179]: debug3: fd 5 is not O_NONBLOCK
sshd[12179]: debug1: Forked child 12290.
sshd[12179]: debug3: send_rexec_state: entering fd = 8 config len 3364
sshd[12179]: debug3: ssh_msg_send: type 0
sshd[12179]: debug3: send_rexec_state: done
sshd[12290]: debug3: oom_adjust_restore
sshd[12290]: debug1: Set /proc/self/oom_score_adj to 0
sshd[12290]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
sshd[12290]: debug1: inetd sockets after dupping: 4, 4
sshd[12290]: Connection from 54.78.149.203 port 43374 on xxx.xxx.xxx.xxxx port xxxx rdomain “”
sshd[12290]: debug1: Local version string SSH-2.0-OpenSSH_9.0p1 Debian-1+b1
sshd[12290]: debug1: Remote protocol version 2.0, remote software version ssh2js1.5.0
sshd[12290]: debug1: compat_banner: no match: ssh2js1.5.0
sshd[12290]: debug2: fd 4 setting O_NONBLOCK
sshd[12290]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
sshd[12290]: debug2: Network child is on pid 12291
sshd[12290]: debug3: preauth child monitor started
sshd[12290]: debug3: privsep user:group 107:65534 [preauth]
sshd[12290]: debug1: permanently_set_uid: 107/65534 [preauth]
sshd[12290]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
sshd[12290]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
sshd[12290]: debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
sshd[12290]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
sshd[12290]: debug3: send packet: type 20 [preauth]
sshd[12290]: debug1: SSH2_MSG_KEXINIT sent [preauth]
sshd[12290]: debug3: receive packet: type 20 [preauth]
sshd[12290]: debug1: SSH2_MSG_KEXINIT received [preauth]
sshd[12290]: debug2: local server KEXINIT proposal [preauth]
sshd[12290]: debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com ,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
sshd[12290]: debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
sshd[12290]: debug2: ciphers ctos: chacha20-poly1305@openssh.com ,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com ,aes256-gcm@openssh.com [preauth]
sshd[12290]: debug2: ciphers stoc: chacha20-poly1305@openssh.com ,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com ,aes256-gcm@openssh.com [preauth]
sshd[12290]: debug2: MACs ctos: umac-64-etm@openssh.com ,umac-128-etm@openssh.com ,hmac-sha2-256-etm@openssh.com ,hmac-sha2-512-etm@openssh.com ,hmac-sha1-etm@openssh.com ,umac-64@openssh.com ,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
sshd[12290]: debug2: MACs stoc: umac-64-etm@openssh.com ,umac-128-etm@openssh.com ,hmac-sha2-256-etm@openssh.com ,hmac-sha2-512-etm@openssh.com ,hmac-sha1-etm@openssh.com ,umac-64@openssh.com ,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
sshd[12290]: debug2: compression ctos: none,zlib@openssh.com [preauth]
sshd[12290]: debug2: compression stoc: none,zlib@openssh.com [preauth]
sshd[12290]: debug2: languages ctos: [preauth]
sshd[12290]: debug2: languages stoc: [preauth]
sshd[12290]: debug2: first_kex_follows 0 [preauth]
sshd[12290]: debug2: reserved 0 [preauth]
sshd[12290]: debug2: peer client KEXINIT proposal [preauth]
sshd[12290]: debug2: KEX algorithms: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512 [preauth]
sshd[12290]: debug2: host key algorithms: ssh-rsa,ssh-dss [preauth]
sshd[12290]: debug2: ciphers ctos: aes256-gcm@openssh.com ,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc [preauth]
sshd[12290]: debug2: ciphers stoc: aes256-gcm@openssh.com ,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc [preauth]
sshd[12290]: debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5 [preauth]
sshd[12290]: debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5 [preauth]
sshd[12290]: debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
sshd[12290]: debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
sshd[12290]: debug2: languages ctos: [preauth]
sshd[12290]: debug2: languages stoc: [preauth]
sshd[12290]: debug2: first_kex_follows 0 [preauth]
sshd[12290]: debug2: reserved 0 [preauth]
sshd[12290]: debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
sshd[12290]: debug1: kex: host key algorithm: (no match) [preauth]
sshd[12290]: Unable to negotiate with 54.78.149.203 port 43374: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
sshd[12290]: debug1: do_cleanup [preauth]
sshd[12290]: debug3: PAM: sshpam_thread_cleanup entering [preauth]
sshd[12290]: debug1: monitor_read_log: child log fd closed
sshd[12290]: debug3: mm_request_receive: entering
sshd[12290]: debug1: do_cleanup
sshd[12290]: debug3: PAM: sshpam_thread_cleanup entering
sshd[12290]: debug1: Killing privsep child 12291
sshd[12290]: debug1: audit_event: unhandled event 12

optimal_prime · December 5, 2022, 6:36pm

Did you ever get this resolved? I have a very similar issue that only started after I upgraded to the latest Ubuntu and made the fatal error of allowing the update to change the sshd config file.

But yeah I’m in the same boat:
sshd[39522]: Unable to negotiate with 54.80.47.193 port 7013: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]

Someone please help, I’ve been trying to figure this out for hours and haven’t made any progress. It worked for months before this and I have a deadline tomorrow

Drew_QCK · March 10, 2023, 5:41pm

Did you get this resolved? Trying to connect an SFTP server and running into same issues.