How do I fix "no matching host key type found" on Mac?


Newer versions of macOS contain an updated OpenSSH module that no longer supports the older RSA/SHA-1 algorithm. If you recently upgraded to Ventura, or are using a new Mac, you will need to add the following lines to your ~/.ssh/config file:

Host old-host
   HostkeyAlgorithms +ssh-rsa
   PubkeyAcceptedAlgorithms +ssh-rsa

where 'old-host' is the fully qualified domain name of the server you are trying to ssh to (for instance, killerbee2.cc.gatech.edu). If the config file does not exist in your ~/.ssh/ folder, you will need to create it.

WARNING: Connections using this older RSA/SHA-1 algorithm are inherently less secure. Please utilize the formatting in the example above so these security changes apply to a single server not to all ssh connections. TSO is actively working to upgrade the remaining servers that use these older security settings. If you are administer a server that requires these settings, please consider upgrading the server's operating system and security modules. If you have any questions, please reach out to TSO using the contact info here - support.cc.gatech.edu.


Subscribe to RSS - OSX