The ssh sting of the jammy jellyfish

mkruger777

I used Ubuntu 20.04 Foscal-Fossa for golang development for a few years, happily coding, pulling and pushing code to my git repos on the google cloud via ssh keys. The time came to move to the next LTS Ubuntu version which was Ubuntu 22.04 jammy jellyfish. I opted for a clean install and all went well. That was until I attempted to clone my git repos using the same ssh key used on the previous version 22.04.

The whole setup resembled the exact one used in 20.04, but did not work for some reason. The error you encounter on attempting to perform a git clone for instance is:

<!-- wp:paragraph -->
<p>monk@jammyjelly: git clone ssh://monk@gmail.com@<a rel="noreferrer noopener" href="http://source.developers.google.com:2022/p/development-209207/r/grafana" target="_blank">source.developers.google.com:4567/p/development-656809/r/grafana</a><br>Cloning into 'grafana'...<br>monk@gmail.com@<a rel="noreferrer noopener" href="http://source.developers.google.com/" target="_blank">source.developers.google.com</a>: Permission denied (publickey).<br>fatal: Could not read from remote repository.</p>
<!-- /wp:paragraph -->

<!-- wp:paragraph -->
<p>Please make sure you have the correct access rights<br>and the repository exists.</p>
<!-- /wp:paragraph -->

The reason was that the ssh protocol was changed and implemented on 22.04. After checking it seemed like RSA/SHA1 was no longer supported in 22.04 but was alive and well in 20.04 – hence it was still working there.

Quoting Julian Andres Klode (juliank)

“Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options.”

The fix for me was:

new file in: ~/.ssh/config

Added the following content which will enable RSA/SHA1 for host and user authentication for a single destination host:

    Host old-host
        HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

After this was done ssh worked like a charm, as always!

Source:

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1961833

This solution works as well.

On connecting with Git to Tfs on-prem (Version Azure DevOps Server 2020 Update 1) the following lines in ~/.ssh/config worked:

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

After all, was added running this command was also required: ssh-add

Leave a comment