起因

话说部门最近搭了一个jump-server，有同事说他无法登录，报错 如下，看起来是rsa冲突：

Unable to negotiate with 192.168.41.11 port 32222: no matching host key type found. Their offer: ssh-rsa

然后他强调他电脑上装了linux，这个公钥匙用github是正常的，没多想，先排除法，找个虚拟机生成了一个新的key，后台绑定后发现可以登录，翻翻互联网吧，找到一个帖子，连接时要增加2行配置。

解决

https://stackoverflow.com/questions/69875520/unable-to-negotiate-with-40-74-28-9-port-22-no-matching-host-key-type-found-th

修改 ~/.ssh/config 配置，增加类似配置。

Host ssh.dev.azure.com
HostName ssh.dev.azure.com
User git
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
PubkeyAcceptedAlgorithms +ssh-rsa
HostkeyAlgorithms +ssh-rsa

试了一下，果然可以登录了。

来龙去脉

得搞清原因呀，继续翻，找到官网 8.8的介绍，原来OpenSSH 8.8/8.8p1 (2021-09-26) 发布时修改了默认sha-rsa支持，所以，如果客户端升级了，服务还没支持，那就先改客户端兼容一下。

介绍文档 https://www.openssh.com/releasenotes.html


Potentially-incompatible changes
================================
This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]

For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.

Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:

Host old-host
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa

We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519).

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
Application to the PGP Web of Trust" Leurent, G and Peyrin, T
(2020) https://eprint.iacr.org/2020/014.pdf

再回头看一下同事的 ssh版本

ssh -V 看一下输出， OpenSSH_8.8p1, OpenSSL 1.1.1m 14 Dec 2021 ，正好时升级后的新版，报错的原因找到了，问题解决。