Recently I encountered a problem where I was unable to push commits to a GitHub repository that I have been working on. The error looked like this.
Unable to negotiate with XX.XXX.XX.XX: no matching host key type found. Their offer: ssh-dss
After digging around I found this Stack Overflow answer, but all the sources I looked into pointed to the same solution of adding the following to the ~/.ssh/config file.
HostkeyAlgorithms +ssh-dss
That means that currently my config file looks roughly like this (the other stuff is based on this link from GitHub).
Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa
  HostkeyAlgorithms +ssh-dss
But after adding this line I encountered a new error.
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
First I thought this must be because of the changes to the config file, so I removed my id_rsa and id_rsa.pub from ~/.ssh/, deleted my public key from GitHub and went through the steps of adding new SSH keys into GitHub as described here. That did not change anything. I have also done that several times to make sure I was not missing out any steps.
I tried running ssh -vT git@github.com and that results in the following output.
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/USERNAME/.ssh/config
debug1: /Users/USERNAME/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to github.com port 22.
debug1: Connection established.
debug1: identity file /Users/USERNAME/.ssh/id_rsa type 0
debug1: identity file /Users/USERNAME/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version libssh-0.6.5
debug1: no match: libssh-0.6.5
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-dss
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-dss SHA256:yFnU6TvO6zNzGXkSXQFHN1Up7RQnm3qrAVvVdYSpi8A
debug1: Host 'github.com' is known and matches the DSA host key.
debug1: Found key in /Users/USERNAME/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: Will attempt key: /Users/USERNAME/.ssh/id_rsa RSA SHA256:QL+l5m6pNX2a1XqaZ3YYRqJz0An9grTjazb/V4U0j88 explicit agent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/USERNAME/.ssh/id_rsa RSA SHA256:QL+l5m6pNX2a1XqaZ3YYRqJz0An9grTjazb/V4U0j88 explicit agent
debug1: Server accepts key: /Users/USERNAME/.ssh/id_rsa RSA SHA256:QL+l5m6pNX2a1XqaZ3YYRqJz0An9grTjazb/V4U0j88 explicit agent
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).
I don't see anything here that is helping me, but I am no expert, hence this question.
I have also run ssh-add -l -E md5 which results in the following
4096 MD5:17:05:8f:63:fa:28:0b:ec:1b:39:3d:17:16:61:4d:f1 githubemail@foobar.com (RSA)
which matches what I can see on GitHub for my public key.
Does anyone have any idea what could be wrong/what step I should try next? It might be worth pointing out that I have full access rights to this repository and I have been working on it for quite some time successfully until recently.
All the best, Axel
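An added example, not part of the original post: a small Python triage of the `ssh -vT` output quoted above. It extracts the server banner, the negotiated host key algorithm and the host key fingerprint, and separates "key accepted at the query step, signed request then rejected" from "no offered key accepted". The function name, the finding labels and the optional `trusted_fps` parameter (fingerprints obtained out of band) are assumptions of this example.

```python
import re

# Disabled by default since OpenSSH 7.0; the post re-enables it with "+ssh-dss".
WEAK_HOSTKEY_ALGS = {"ssh-dss"}

# Lines copied from the ssh -vT output quoted in the post.
SAMPLE = """\
debug1: Remote protocol version 2.0, remote software version libssh-0.6.5
debug1: kex: host key algorithm: ssh-dss
debug1: Server host key: ssh-dss SHA256:yFnU6TvO6zNzGXkSXQFHN1Up7RQnm3qrAVvVdYSpi8A
debug1: Offering public key: /Users/USERNAME/.ssh/id_rsa RSA SHA256:QL+l5m6pNX2a1XqaZ3YYRqJz0An9grTjazb/V4U0j88 explicit agent
debug1: Server accepts key: /Users/USERNAME/.ssh/id_rsa RSA SHA256:QL+l5m6pNX2a1XqaZ3YYRqJz0An9grTjazb/V4U0j88 explicit agent
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).
"""

FIELDS = {
    "remote_software": r"remote software version (\S+)",
    "hostkey_alg": r"kex: host key algorithm: (\S+)",
    "hostkey_fp": r"Server host key: \S+ (SHA256:\S+)",
}

def triage(log, trusted_fps=None):
    """Summarise what the server presented and where publickey auth stopped."""
    facts = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, log)
        facts[name] = m.group(1) if m else None
    offered = set(re.findall(r"Offering public key: .*?(SHA256:\S+)", log))
    accepted = set(re.findall(r"Server accepts key: .*?(SHA256:\S+)", log))
    denied = "Permission denied (publickey)" in log
    findings = []
    if facts["hostkey_alg"] in WEAK_HOSTKEY_ALGS:
        findings.append("weak-hostkey-alg")
    # A known_hosts match only proves the key is the one seen before.
    if trusted_fps is not None and facts["hostkey_fp"] not in trusted_fps:
        findings.append("hostkey-fp-not-trusted")
    # "Server accepts key" answers the key query only; the signed
    # authentication request is sent afterwards and can still be refused.
    if denied and accepted:
        findings.append("key-accepted-then-rejected")
    elif denied and offered:
        findings.append("no-offered-key-accepted")
    facts["findings"] = findings
    return facts

if __name__ == "__main__":
    print(triage(SAMPLE))
```
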