How to Fix: 'no matching host key type found'

You cannot connect to a device over SSH because there is no matching host key type.

The Issue

This issue comes in several variations, depending on what is missing in your current ssh config. I faced this one today, after upgrading my macOS to Ventura: I tried to connect to a Cisco switch (Nexus 7700) and got the following error:

Unable to negotiate with 10.10.10.10 port 22: no matching host key type found.
Their offer: ssh-rsa

This points to a missing host key type in the ssh config. The other variation is that the key exchange method does not match.

Unable to negotiate with 10.10.10.10 22: no matching key exchange method found.
Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

The solution

It depends on whether you face the “host key type” or the “key exchange method” issue, but both can be solved by adding the missing key type or exchange method.

No matching host key type found

There are two ways to fix the issue. One is permanent, by adding the missing host key type to your ssh config. The other is an ad hoc command for one-time use.

To make just this ssh connection work, you can add the option directly to the command.

ssh -oHostKeyAlgorithms=+ssh-rsa 10.10.10.10

The other way is to update your ssh config file, .ssh/config. There you can add additional host key types for all or just some hosts. To add it for all hosts, use a Host * entry and add the required host key type.

Host *
  HostKeyAlgorithms=+ssh-rsa

Or add a specific entry for the host.

Host 10.10.10.10
  HostKeyAlgorithms=+ssh-rsa

No matching key exchange method found

Here it’s the same as with no matching host key type found. You can fix it ad hoc, or permanently by updating your ssh config.

Ad hoc fix:

ssh -oKexAlgorithms=+diffie-hellman-group-exchange-sha1 10.10.10.10

Or update your .ssh/config file to include the host and the required KexAlgorithms.

Host *
  KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
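
As an added example (not part of the original post), the shell function below reads the "Unable to negotiate" error text and prints a stanza scoped to that one host and limited to what the server offered, so the SHA-1-based algorithms are not re-enabled for every host the way a Host * entry does. The function name legacy_stanza and the character checks on the offer are assumptions of this example.

```shell
#!/bin/sh
# Added example: build a host-scoped ssh_config stanza from the
# "Unable to negotiate" error. legacy_stanza is a hypothetical helper name.

legacy_stanza() {
    # stdin:  ssh error text (on one line, or wrapped as shown in the post)
    # stdout: "Host <addr>" stanza; exit status 1 if nothing usable was found
    awk '
    /^Unable to negotiate with / {
        host = $5
        opt = ""
        if ($0 ~ /no matching host key type found/) opt = "HostKeyAlgorithms"
        else if ($0 ~ /no matching key exchange method found/) opt = "KexAlgorithms"
    }
    {
        # "Their offer:" may share the line with the error or follow it.
        i = index($0, "Their offer: ")
        if (i > 0 && opt != "") {
            offer = substr($0, i + 13)
            sub(/[ \t\r]+$/, "", offer)
        }
    }
    END {
        # The offer is server-controlled text: accept only characters that
        # occur in algorithm names before it goes into a config file.
        if (host !~ /^[A-Za-z0-9.:_-]+$/) exit 1
        if (opt == "") exit 1
        if (offer !~ /^[A-Za-z0-9@.,_-]+$/) exit 1
        printf "Host %s\n  %s +%s\n", host, opt, offer
    }'
}

# Constructed sample input: the first error message from the post.
printf '%s\n' \
    'Unable to negotiate with 10.10.10.10 port 22: no matching host key type found.' \
    'Their offer: ssh-rsa' | legacy_stanza
```

After adding the printed stanza to .ssh/config, `ssh -G 10.10.10.10` shows the effective HostKeyAlgorithms and KexAlgorithms for that host.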