This error occurs when your SSH client and the server cannot agree on a host key algorithm, the signature scheme the server uses to prove its identity during key exchange. OpenSSH 8.8 and later no longer accept the legacy ssh-rsa signature scheme by default, so connections to older servers that offer nothing else fail with this message.
SSH uses host key algorithms to verify the identity of the server you're connecting to. During the initial handshake (the KEXINIT exchange), client and server each send the list of host key algorithms they accept, and the first one both support is chosen. This error means the server only offers types (such as ssh-rsa or ssh-dss) that are no longer in your client's default list. That is a deliberate security precaution: OpenSSH 8.8 disabled ssh-rsa signatures, which use the SHA-1 hash, because of known cryptographic weaknesses in SHA-1, and ssh-dss has been disabled by default since OpenSSH 7.0. Note that RSA keys themselves are not the problem: the same RSA host key can sign with rsa-sha2-256 or rsa-sha2-512, which remain enabled, so what fails is a server too old to produce those newer signatures. The connection is refused because the client will not accept the only algorithms the server can use.
First, identify exactly which algorithms the server supports. Run (the -v flag adds the negotiation details around the error):
ssh -v user@hostname
Look for the line that shows "Their offer:" with a comma-separated list of algorithms. This is the host key algorithm list from the server's KEXINIT proposal, so it tells you what the server actually supports. Example output:
Unable to negotiate with 192.168.1.100 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
This shows the server only offers ssh-rsa and ssh-dss, both deprecated algorithms.
If you need to connect immediately, add the HostKeyAlgorithms option to your SSH command:
ssh -o HostKeyAlgorithms=+ssh-rsa user@hostname
If the host key negotiation now succeeds but public key authentication then fails (ssh -v shows "no mutual signature algorithm"), the same SHA-1 restriction is hitting your user key; add the corresponding option as well:
ssh -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa user@hostname
The + prefix means "append this to the default list" rather than replacing it entirely, so the client still prefers modern algorithms wherever a server offers them. On clients older than OpenSSH 8.5 the second option is spelled PubkeyAcceptedKeyTypes. This is a quick workaround but should only be used temporarily; see the advanced notes for why.
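As an added example (not from the original article), the following shell function takes the error text shown above and prints the narrowest client-side option that will get you connected, or a diagnosis when re-enabling ssh-rsa is not the answer. The error messages it runs on are constructed samples, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original article: parse the "Their offer:" text
# that ssh prints on this error and print the narrowest client-side workaround.
# The error messages below are constructed samples; the function names are mine.

# Print the algorithms listed after "Their offer:", one per line.
offered_algs() {
    printf '%s\n' "$1" | sed -n 's/.*Their offer: *//p' | tr ',' '\n'
}

# Print the ssh option to add, or a diagnosis when adding ssh-rsa is not the fix.
suggest_workaround() {
    has_modern=0; has_rsa=0; has_dss=0
    for alg in $(offered_algs "$1"); do
        case "$alg" in
            rsa-sha2-256|rsa-sha2-512|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)
                has_modern=1 ;;   # still accepted by default on current clients
            ssh-rsa) has_rsa=1 ;; # RSA with SHA-1, disabled by default since OpenSSH 8.8
            ssh-dss) has_dss=1 ;; # DSA, disabled by default since OpenSSH 7.0
        esac
    done
    if [ "$has_modern" -eq 1 ]; then
        echo "server already offers a modern algorithm: no ssh-rsa workaround needed, check the client's own HostKeyAlgorithms setting"
    elif [ "$has_rsa" -eq 1 ]; then
        echo "-o HostKeyAlgorithms=+ssh-rsa"
    elif [ "$has_dss" -eq 1 ]; then
        echo "only ssh-dss offered: +ssh-dss may work on older clients, but recent OpenSSH releases have removed DSA entirely; upgrade the server"
    else
        echo "no recognised host key algorithm in the offer"
    fi
}

# Demo on a constructed error message (the one quoted earlier in the article).
err='Unable to negotiate with 192.168.1.100 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss'
opt="$(suggest_workaround "$err")"
echo "suggested: $opt"
# To use it against that host:  ssh $opt user@192.168.1.100
```

The function deliberately does not emit +ssh-dss: a server that offers only ssh-dss needs replacing, not a client tweak.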
For a more permanent solution without modifying every SSH command, update your SSH client configuration. Edit ~/.ssh/config (create it if it doesn't exist):
Host myserver
    HostName hostname.example.com
    User myusername
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
Replace myserver with an alias, hostname.example.com with the actual server address, and myusername with your username. Then connect using:
ssh myserver
To allow this algorithm for all hosts (less secure, not recommended):
Host *
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
Ensure the SSH config file has restricted permissions:
chmod 600 ~/.ssh/config
Your client also caches host keys in ~/.ssh/known_hosts. Removing a cached entry does not change which algorithms the client accepts, so on its own it will not fix the negotiation error; it matters when the server's host key was replaced during an upgrade or reinstall, which otherwise produces a "REMOTE HOST IDENTIFICATION HAS CHANGED" warning. Clear the cached entry only once you have confirmed the key really changed (get the new fingerprint from the server administrator or the server console, not from the connection prompt):
ssh-keygen -R hostname.example.com
Or for an IP address:
ssh-keygen -R 192.168.1.100
This removes the host key from ~/.ssh/known_hosts. On your next connection attempt, you'll be prompted to accept the server's key again; compare the fingerprint shown with the trusted one before accepting, then retry the connection.
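A Host * block like the one shown above silently re-enables SHA-1 signatures for every connection, so it is worth auditing ~/.ssh/config for it. The following is an added example, not code from the original article: an awk-based check that flags ssh-rsa enabled at top level, under Host *, or under Match all, while accepting entries scoped to a named host. The config text it checks is a constructed sample and the function name is my own.

```shell
#!/bin/sh
# Added example, not from the original article: audit an ssh_config file for
# ssh-rsa being re-enabled for every host (top level, "Host *" or "Match all").
# The config text used in the demo is a constructed sample; the function name is mine.

# Usage: audit_ssh_config FILE
# Prints one line per ssh-rsa enablement; returns 1 if any of them applies to all hosts.
audit_ssh_config() {
    awk '
        BEGIN { bad = 0; host = "" }
        { key = tolower($1) }
        # Track the current block. Options before any Host/Match line apply everywhere.
        key == "host"  { host = $2; for (i = 3; i <= NF; i++) host = host " " $i; next }
        key == "match" { host = "Match " $2; next }
        # Keywords that can re-enable ssh-rsa (PubkeyAcceptedKeyTypes is the pre-8.5 spelling).
        # A leading "-" removes the algorithm, so those lines are not flagged.
        (key == "hostkeyalgorithms" || key == "pubkeyacceptedalgorithms" || key == "pubkeyacceptedkeytypes") &&
            $2 !~ /^-/ && $0 ~ /ssh-rsa/ {
            global = (host == "" || host == "*" || tolower(host) == "match all")
            scope = global ? "GLOBAL" : "scoped"
            printf "%s: %s %s (%s)\n", scope, $1, $2, (host == "" ? "top level" : "Host " host)
            if (global) bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Demo on a constructed config: one acceptable scoped exception, one global one.
cfg="$(mktemp)"
cat > "$cfg" <<'EOF'
# constructed sample config
Host legacy-switch
    HostName 192.168.1.100
    HostKeyAlgorithms +ssh-rsa
Host *
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
EOF
if audit_ssh_config "$cfg"; then
    echo "OK: ssh-rsa is only enabled for named hosts"
else
    echo "WARNING: ssh-rsa is enabled for all hosts; move it into a named Host block"
fi
rm -f "$cfg"
```

Run it against your own file with audit_ssh_config ~/.ssh/config; a non-zero exit status makes it usable as a pre-commit or configuration-management check.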
Verify which OpenSSH version is running on your client:
ssh -V
Example output:
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Feb 2022
If you're on OpenSSH 8.8 or newer and connecting to older servers, this is expected behavior. The long-term solution is to upgrade the server. For a detailed changelog of what changed, see the official OpenSSH release notes.
The most secure and permanent fix is to update the SSH server to a version that supports the newer signature schemes (rsa-sha2-256 and rsa-sha2-512 need OpenSSH 7.2 or later on the server). The process depends on the server OS:
Ubuntu/Debian:
sudo apt update
sudo apt install -y openssh-server
sudo systemctl restart ssh
CentOS/RHEL:
sudo yum update -y openssh-server openssh-clients
sudo systemctl restart sshd
macOS:
brew install openssh
# Installs a newer OpenSSH under the Homebrew prefix (mainly useful for the client);
# the built-in Remote Login service keeps using Apple's sshd, which is only updated with macOS itself
After upgrading, the server will offer modern algorithms (rsa-sha2-256, rsa-sha2-512, ecdsa-sha2-nistp256, ssh-ed25519) and your client will connect without workarounds. An existing RSA host key does not need to be replaced: rsa-sha2-256/512 are new signature schemes over the same key, so the server's fingerprint and your known_hosts entry stay valid. Remember to remove the +ssh-rsa entries from your client config afterwards so the workaround does not linger.
Why OpenSSH Disabled ssh-rsa: OpenSSH 8.8 (released September 2021) disabled the ssh-rsa signature scheme because it hashes with SHA-1, which has known cryptographic weaknesses: chosen-prefix collision attacks against SHA-1 are feasible for under USD 50K of computation, the figure cited in the 8.8 release notes. The RSA keys themselves are not the problem; the same keys sign securely with rsa-sha2-256 and rsa-sha2-512. Re-enabling ssh-rsa as a workaround therefore means accepting SHA-1 signatures for that host, and it lowers your security posture for as long as the setting remains in your config.
Modern Alternatives: Most modern servers now support:
- rsa-sha2-256 and rsa-sha2-512 (RSA with SHA-256/SHA-512; secure, and usable with existing RSA host keys)
- ecdsa-sha2-nistp256 (Elliptic Curve, good performance/security trade-off)
- ssh-ed25519 (Modern, recommended, best security and performance)
OpenSSH has supported ecdsa-sha2-nistp256 since 5.7, ssh-ed25519 since 6.5 and rsa-sha2-256/512 since 7.2 (2016), so any reasonably current server can offer at least one of them; they should be your target for any server upgrade.
For Embedded/Legacy Devices: If upgrading the server isn't possible (e.g., network appliances, embedded systems with custom SSH), using HostKeyAlgorithms=+ssh-rsa is acceptable as a long-term exception, but scope it to a named Host block rather than Host *, document it clearly in your SSH config, and consider network-level controls (VPN, jump hosts, firewall rules restricting who can reach the device) to compensate for the weaker signature scheme. Revisit the exception after firmware updates, since a newer firmware may add rsa-sha2 support and let you remove it.
Checking Server Support: After upgrading a server, verify it now offers modern algorithms:
ssh -vv user@hostname 2>&1 | grep "host key algorithms"
Two lines are printed: the first is your client's own list, the second (it follows "peer server KEXINIT proposal" in the full output) is the server's offer. You should see rsa-sha2-256, rsa-sha2-512 or ssh-ed25519 in the second line, not just ssh-rsa. To list which host key types the server actually holds, run ssh-keyscan -t rsa,ecdsa,ed25519 hostname; it prints one line per key type present.
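An added example (not part of the original article) that automates this check: it extracts the server's list from ssh -vv output and reports whether a modern algorithm is present. The debug lines it parses are a constructed sample in the real -vv layout, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original article: pull the server's host key
# algorithm list out of "ssh -vv" output and check it for a modern algorithm.
# The debug lines below are a constructed sample in the real -vv format; function names are mine.

# Read ssh -vv output on stdin and print the server's offered host key algorithms.
# -vv prints two "host key algorithms:" lines: the client's first, then the server's
# after "peer server KEXINIT proposal".
server_hostkey_algs() {
    awk '
        /peer server KEXINIT proposal/ { peer = 1; next }
        peer && /host key algorithms:/ { sub(/.*host key algorithms: */, ""); print; exit }
    '
}

# Return 0 if the comma-separated list in $1 contains an algorithm current clients accept by default.
has_modern_hostkey() {
    for alg in $(printf '%s' "$1" | tr ',' ' '); do
        case "$alg" in
            rsa-sha2-256|rsa-sha2-512|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)
                return 0 ;;
        esac
    done
    return 1
}

# Constructed sample of the relevant -vv lines from a server upgraded to rsa-sha2 support.
sample='debug2: local client KEXINIT proposal
debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256
debug2: peer server KEXINIT proposal
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug1: kex: host key algorithm: rsa-sha2-512'

algs="$(printf '%s\n' "$sample" | server_hostkey_algs)"
echo "server offers: $algs"
if has_modern_hostkey "$algs"; then
    echo "OK: a modern algorithm is available; the +ssh-rsa workaround can be removed"
else
    echo "WARNING: only legacy host key algorithms offered"
fi
# Against a live host:  ssh -vv -o BatchMode=yes user@hostname 2>&1 | server_hostkey_algs
```

BatchMode=yes keeps the live check from stopping at a password or host key prompt, which makes it suitable for scripting across a fleet of servers.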