无法与 40.74.28.9 端口 22 协商:找不到匹配的主机密钥类型.他们的报价:ssh-rsa [英] Unable to negotiate with 40.74.28.9 port 22: no matching host key type found. Their offer: ssh-rsa

问题描述

开始使用 NixOS 作为新的包管理系统后，在 Azure DevOps 存储库和 rsa ssh 密钥中使用 git 时出现以下错误:

After start of using NixOS as a new package management system, I get the following error when using git within Azure DevOps repositories and rsa ssh key:

jaroslavbezdek@mac> git pull
Unable to negotiate with 40.74.28.9 port 22: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

请问我可以用它做什么?

What can I do with that, please?

推荐答案

使用 SSH，有几种不同类型的密钥和 RSA 密钥(ssh-rsa)种类可以支持多种签名.签名类型ssh-rsa是指带有SHA-1的RSA，而签名类型rsa-sha2-256是带有SHA-256和rsa-sha2的RSA-512 是带有 SHA-512 的 RSA.

With SSH, there are several different types of keys and RSA keys (the ssh-rsa) kind can support multiple kinds of signatures. The signature type ssh-rsa refers to RSA with SHA-1, whereas the signature type rsa-sha2-256 is RSA with SHA-256 and rsa-sha2-512 is RSA with SHA-512.

在 Azure DevOps 的情况下，它只支持带有 SHA-1 的那种 RSA，而 SHA-1 被认为是非常弱的.这基本上意味着没有安全的方法可以通过 SSH 连接到它，在他们解决这个问题之前，你最好使用 HTTPS 或其他托管服务.GitHub、GitLab 和 Bitbucket 都支持安全的身份验证方法.

In the case of Azure DevOps, it only supports the kind of RSA with SHA-1, and SHA-1 is considered very weak. This essentially means that there are no secure ways to connect to it over SSH, and until they fix that, you're better off using HTTPS or a different hosting service. GitHub, GitLab, and Bitbucket all support secure methods of authentication.

如果您目前确实需要将 SSH 与 Azure DevOps 结合使用，您可以在 ~/.ssh/config 文件中添加一个条目来解决此问题:

If you really need to use SSH with Azure DevOps at the moment, you can add an entry to your ~/.ssh/config file to work around this:

Host ssh.dev.azure.com
    User git
    PubkeyAcceptedAlgorithms +ssh-rsa
    HostkeyAlgorithms +ssh-rsa

但是，请注意，这是一种变通方法，并且已知它不安全，因此您应该就此问题联系 Azure DevOps 并切换到 HTTPS，直到他们这样做为止，或者转移到其他地方.

However, be aware that this is a workaround and it's known to be insecure, so you should contact Azure DevOps about this problem and switch to HTTPS until they do, or move elsewhere.

这篇关于无法与 40.74.28.9 端口 22 协商:找不到匹配的主机密钥类型.他们的报价:ssh-rsa的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！