the ssh service at offers only the deprecated ssh-rsa HostKeyAlgorithm

Asked by dkg on 2020-10-13

Currently, an ssh client that deliberately drops `ssh-rsa` from its list of HostKeyAlgorithms as a conservative defense against known SHA1 attacks cannot connect to

The command line error for me shows:

    Unable to negotiate with port 22: no matching host key type found. Their offer: ssh-rsa

This is because the ssh service at offers only the `ssh-rsa` HostKeyAlgorithm, which is deprecated due to its reliance on SHA1:

(see: as an example)'s ssh service should provide a newer form of ssh host key. If you want to stick with RSA, there are several options that do not depend on SHA1, like rsa-sha2-512 or rsa-sha2-256. Or if you're ok with elliptic curves, you could offer ssh-ed25519. Or you could offer multiple host keys for the service.

Question information

English Edit question
Launchpad itself Edit question
No assignee Edit question
Last query:
Last reply:
Colin Watson (cjwatson) said : #1

This is essentially similar to in many ways, but I agree it would in addition be wise to offer rsa-sha2-512 and/or rsa-sha2-256. I'll just link this to that bug, since requests for software changes should be tracked as bug reports rather than support requests.

Can you help with this problem?

Provide an answer of your own, or ask dkg for more information if necessary.

To post a message you must log in.