Let Git for Windows support ssh-rsa without modifying ssh config file

When you are using the latest Git for Windows, you may see an error message like this:

Unable to negotiate with *** port 22: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.

This error occurs because the ssh client (OpenSSH) built into recent versions of Git for Windows disables RSA signatures using the SHA-1 hash algorithm by default.

The traditional solution

A common solution is to update ~/.ssh/config and tell git to enable ssh-rsa:

Host your-host-name
   HostkeyAlgorithms +ssh-rsa
   PubkeyAcceptedAlgorithms +ssh-rsa

But, what if I don't want to modify the ssh config file?

The new solution without modifying ssh config file

As we said in the beginning, the problem is caused by Git for Windows's built-in ssh client (OpenSSH). So we can change the ssh client that Git for Windows uses!

Reinstall and setup

Now, reinstall Git for Windows, and choose a new ssh client in the setup wizard:

The default choice is the first one, "Use bundled OpenSSH", and I chose the third one, "Use external OpenSSH". The third one is provided by Windows 10 and it supports ssh-rsa by default.
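To check whether a given ssh client really accepts ssh-rsa for a host, its effective settings can be read from `ssh -G`, which prints the resolved configuration without connecting. The script below is an added example, not part of the original article; the function name `ssh_rsa_status` and both sample outputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: does a client's effective configuration accept "ssh-rsa"?
# stdin is the output of `ssh -G <host>`, one "keyword value" pair per line.
# ssh_rsa_status and both samples are constructed for illustration.
ssh_rsa_status() {
    awk '
        # Exact match on a comma-separated element, so rsa-sha2-256 and
        # ssh-rsa-cert-v01@openssh.com are not mistaken for ssh-rsa.
        function has_rsa(list,    n, i, parts) {
            n = split(list, parts, ",")
            for (i = 1; i <= n; i++) if (parts[i] == "ssh-rsa") return 1
            return 0
        }
        { sub(/\r$/, "") }   # ssh.exe on Windows may emit CRLF line endings
        $1 == "hostkeyalgorithms" { host = has_rsa($2) ? "yes" : "no" }
        # OpenSSH releases before 8.5 call this option pubkeyacceptedkeytypes.
        $1 == "pubkeyacceptedalgorithms" || $1 == "pubkeyacceptedkeytypes" {
            pub = has_rsa($2) ? "yes" : "no"
        }
        END {
            printf "hostkey=%s pubkey=%s\n", (host == "" ? "unknown" : host), (pub == "" ? "unknown" : pub)
        }
    '
}

# Constructed sample: abbreviated `ssh -G` output with ssh-rsa disabled.
sample_disabled='hostname your-host-name
port 22
hostkeyalgorithms ssh-ed25519,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256'

# Constructed sample: the same host with ssh-rsa enabled.
sample_enabled='hostname your-host-name
port 22
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa'

printf '%s\n' "$sample_disabled" | ssh_rsa_status
printf '%s\n' "$sample_enabled" | ssh_rsa_status
# Real use, with the same ssh binary that Git invokes:
#   ssh -G your-host-name | ssh_rsa_status
```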

Confirm new host

On my Windows machine, after changing the ssh client, something weird happened.

When I clone a repository on a new ssh host, Git for Windows showed a popup window like this:

The text in the popup window seems a little confusing. In fact, it's asking me to confirm the new host. So, just type "yes" and press "OK". Then everything is just fine.

This article was originally created by tooli.top. Please indicate the source when reprinting: https://www.tooli.top/posts/git_windows_ssh

Posted on 2022-07-27