If you’ve encountered the error message “no matching host key type found. Their offer: ssh-rsa” while trying to connect to a remote server via SSH on your Mac, you’re not alone.
This issue arises more frequently due to updates in macOS and the security protocols surrounding SSH connections. In this article, we’ll explore why this error occurs and walk you through how to resolve it, allowing you to successfully connect to your remote server.
This error typically occurs because recent versions of OpenSSH, the SSH implementation used on macOS, have deprecated weaker algorithms like ssh-rsa due to security vulnerabilities. The server you’re trying to connect to still offers only the older ssh-rsa key type, but your Mac’s SSH client no longer accepts it by default for host key verification. As a result, your client cannot verify the host’s key, and the connection fails.
In simple terms, your Mac’s SSH client and the server cannot agree on a host key algorithm, which is why you see the “no matching host key type” error.
To resolve this issue, you have a few different options depending on your specific needs and preferences. Let’s explore some of the most effective methods:
(1) Enable ssh-rsa for host keys temporarily
If you want to keep using ssh-rsa just for this specific server connection, you can add a configuration option that allows ssh-rsa for this server without lowering your security settings globally.
Open Terminal (Finder > Applications > Utilities > Terminal). Type nano ~/.ssh/config, then add:
    Host your-server-hostname
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa
(Replace your-server-hostname with the actual hostname or IP address of your server.)
Press Control + X keys and hit the Enter key.
Try connecting to the server again: ssh username@your-server-hostname
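To confirm the exception stays limited to the one legacy server, the following added example (not from the original article) scans an ssh_config file and reports each place ssh-rsa is re-enabled, marking entries that apply to every host as GLOBAL. The function names, the legacy-switch host and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: list where an ssh_config file re-enables ssh-rsa.
# Prints "GLOBAL|SCOPED <keyword> <Host patterns>" per finding.
audit_ssh_rsa() {
    awk '
    BEGIN { scope = "*"; global = 1 }   # options before any Host apply to every host
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]*=[ \t]*/, " ", line) # accept Key=value as well as Key value
        split(line, f, /[ \t]+/)
        key = tolower(f[1])
        if (key == "host" || key == "match") {
            scope = line
            sub(/^[^ \t]+[ \t]+/, "", scope)
            global = (key == "match" && tolower(scope) == "all")
            n = split(scope, p, /[ \t]+/)
            if (key == "host")
                for (i = 1; i <= n; i++) if (p[i] == "*") global = 1
            next
        }
        if (key != "hostkeyalgorithms" && key != "pubkeyacceptedalgorithms" &&
            key != "pubkeyacceptedkeytypes") next
        val = f[2]
        if (val ~ /^-/) next            # a leading "-" removes algorithms
        sub(/^[+^]/, "", val)           # "+" appends, "^" prepends: both enable
        if (("," val ",") ~ /,ssh-rsa,/) {
            tag = global ? "GLOBAL" : "SCOPED"
            print tag, key, scope
        }
    }' "$1"
}

# Constructed sample config (hypothetical host name, documentation IP).
sample_config() {
    cat <<'EOF'
Host legacy-switch 192.0.2.10
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
Host *
    HostKeyAlgorithms=+ssh-rsa
    ServerAliveInterval 60
EOF
}

cfg=$(mktemp) && sample_config > "$cfg" && audit_ssh_rsa "$cfg"
rm -f "$cfg"
```

Run audit_ssh_rsa ~/.ssh/config against your own file; any GLOBAL line means ssh-rsa is accepted for all servers rather than only the legacy one.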
(2) Use the -o Option to Override for One-Time Use
If you prefer not to modify the configuration file, you can specify the accepted key algorithms directly in your SSH command for a one-time connection.
Run the SSH command with the -o option in Terminal:
    ssh -o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa username@your-server-hostname
Okay, I encountered this issue before and I tried the fixes on the forum: Upgrade or reconfigure the server.
If you have administrative access to the server, a more secure and future-proof solution is to upgrade the server’s SSH settings to use stronger, modern encryption algorithms.
On the server, update the SSH daemon configuration to support newer key types such as ecdsa-sha2-nistp256 or ed25519.
Restart the SSH service on the server for the changes to take effect.
Type sudo service ssh restart
This ensures your server is using up-to-date cryptographic standards and avoids relying on older, deprecated algorithms like ssh-rsa.