16

I am trying to connect to a repository that works through my VPN. I downloaded Git and when I try to clone the repo, I get this message:

    Unable to negotiate with XX.XX.XXX.XXX: no matching host key type found. their offer: ssh-dss

Is there something I am missing?

alextercete
Keith Ape
  • Is your local username the same as on the remote machine? Perhaps your URL is wrong. If the usernames are different, you must give them in the URL as well, i.e. `git clone remote-user@remote-host:/path/to/repo.git` – PerlDuck Feb 05 '16 at 22:00

2 Answers

48

I have found the problem: the new OpenSSH versions disable the ssh-dss (DSA) public key algorithm. DSA was deemed too weak and the OpenSSH community recommends against its use.

If you see an error similar to this:

    Unable to negotiate with 10.96.8.72: no matching host key type found. Their offer: ssh-dss

...then you must re-enable the DSA keys by editing your `~/.ssh/config` file to add the following line:

    HostkeyAlgorithms +ssh-dss

You may need to create the `~/.ssh/config` file if it does not already exist.

After creating the file, you must restrict access permissions:

    chmod 600 ~/.ssh/config

and then do the clone. That should work perfectly fine!

Keith Ape
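Added example, not part of the answer above or of the original page: a `HostkeyAlgorithms +ssh-dss` line placed before any `Host` block in `~/.ssh/config` applies to every server you connect to, not only the legacy one. The shell function below reports each place a client config accepts `ssh-dss` host keys and whether that setting is global or confined to one `Host` block; the `legacy-git` alias and the sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find where an ssh client config accepts ssh-dss host keys.

# Constructed sample config; "legacy-git" is a hypothetical alias for the
# server named in the error message quoted in the answer.
sample_config() {
cat <<'EOF'
# constructed sample
HostkeyAlgorithms +ssh-dss

Host legacy-git
    HostName 10.96.8.72
    HostKeyAlgorithms=+ssh-dss

Host *
    HostKeyAlgorithms -ssh-dss
EOF
}

# audit_dss [FILE]: print "<scope>:<line>:<host pattern>" for every
# HostKeyAlgorithms line that adds or lists ssh-dss. Reads stdin if no FILE.
audit_dss() {
    awk '
    BEGIN { scope = "global"; pat = "(top of file)" }
    {
        line = $0
        sub(/^[ \t]+/, "", line)              # drop leading whitespace
        if (line == "" || line ~ /^#/) next   # skip blanks and comments
        n = split(line, f, /[ \t=]+/)         # keyword, optional "=", args
        key = tolower(f[1])                   # keywords are case-insensitive
        if (key == "host" || key == "match") {
            pat = substr(line, length(f[1]) + 1)
            sub(/^[ \t=]+/, "", pat)
            scope = "scoped"
            # "Host *" and "Match all" apply to every destination
            for (i = 2; i <= n; i++)
                if (f[i] == "*" || (key == "match" && tolower(f[i]) == "all"))
                    scope = "global"
            next
        }
        # a leading "-" removes algorithms, so it is not a finding
        if (key == "hostkeyalgorithms" && f[2] !~ /^-/ && tolower(f[2]) ~ /ssh-dss/)
            print scope ":" NR ":" pat
    }' "${1:--}"
}

sample_config | audit_dss
```

Run `audit_dss ~/.ssh/config` against your own file; a `global` result means DSA host keys are accepted for every destination, while a `scoped` result limits the exception to the named host.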
1

You're trying to clone over the ssh protocol. The ssh server on the other side requires you to use DSS key authentication, but the ssh client that git uses doesn't have access to one, probably because you haven't created one.

How you create a key depends on which ssh client and what operating system you're using.

When you create a key, you're actually creating a keypair, with one private key and one public key. The public key must be known by the server for the server to be able to authenticate you.

How you add your public key to the server's ssh server depends on which ssh server is used (or which git hosting software wraps the ssh server).

iveqy
  • I already created the key, sir, and I added it to the server before I did the clone step, but I am still getting this error. – Keith Ape Feb 05 '16 at 21:37
  • @user2628079 And you can connect to the server with `ssh xx.xx.xxx.xxx`? – PerlDuck Feb 05 '16 at 21:39
  • No, it gives me the same error message. – Keith Ape Feb 05 '16 at 21:45
  • 2
    @user2628079 Then it's probably really an ssh problem. If you don't yet have the files `~/.ssh/id_dsa` and `~/.ssh/id_dsa.pub` on your local machine, create them with `ssh-keygen -t dsa` and then insert the file `id_dsa.pub` into `authorized_keys` on the server. `id_rsa.pub` or `identity.pub` won't do. – PerlDuck Feb 05 '16 at 21:53
  • The comment above applies to most ssh clients, but not to all (using PuTTY under Windows is one example). Adding the key to the server's `authorized_keys` file is not the correct procedure for all git hosting solutions, like gitolite or gitlab. – iveqy Feb 05 '16 at 21:59
  • @iveqy Good point. Thanks. – PerlDuck Feb 05 '16 at 22:03