OpenSSH 8.7 and ssh-rsa host key

Bitbucket have had a long time to support other keys. AWS also has lagged here but for authentication public keys (not host keys) but now supports ED25519.

Bitbucket has just stood there and done absolutely nothing and the only way to use it now is to lower the security of your system.

If you apply the security degrading workaround make sure it is JUST for the bitbucket.org host and not everything.

Hopefully this will help organisations break the "well its free with Jira so let's just use it" way of thinking and move to a real Git hosting provider.

LMAO how is this not fixed yet?! 1 week away from this issue turning a month old putting aside the enormous complacency that led to this debacle in the first place.

Hi everyone,

One of our engineering managers has published a community article with more info on the issue as well as workarounds:

• https://community.atlassian.com/t5/Bitbucket-articles/OpenSSH-8-8-client-incompatibility-and-workaround/ba-p/1826047

The Bitbucket team is working on adding the updated signature support to our SSH server and we will provide another update once these changes have been implemented.

If you'd like to get notified on updates, you can watch either the community article or this BCLOUD ticket.

Kind regards,
Theodora

As of 2021-10-01 I cannot connect to Bitbucket via SSH without re-enabling ssh-rsa after updates on Arch Linux. It's absolutely ridiculous, that I just went through the support article recommending to use ed25519 key and finding out that Bitbucket does not accept ed25519 :-D

Atlassians, please fix this.

Unable to negotiate with 104.192.141.1 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

I just started getting this issue today, as well. This seems absolutely ridiculous that Bitbucket hasn't upgraded to support any of the new SSH key types yet.

On OpenBSD 6.9, OpenSSH 8.6 this problem does not exist. On my laptop I'm on OpenBSD-current, which now uses OpenSSH 8.7 and I think it's because they made this change:

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
hash algorithm in conjunction with the RSA public key algorithm.
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K.

Note that the deactivation of "ssh-rsa" signatures does not necessarily
require cessation of use for RSA keys. In the SSH protocol, keys may be
capable of signing using multiple algorithms. In particular, "ssh-rsa"
keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs that is still
enabled by default.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The RFC8709 ssh-ed25519 signature algorithm. It has been supported
   in OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.

OpenSSH recently enabled the UpdateHostKeys option by default to
assist the client by automatically migrating to better algorithms.

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

https://www.openssh.com/txt/release-8.7

Facing the same issue here. Not sure if the fact that I heavily rely on the .ssh/config file helps on make this issue happen.

I really appreciate all the help provided by this forum, I was dealing with this issue for a long, it did work, also, I'd like to share this information about SSH on Kali  https://linuxhint.com/enable_ssh_kali_linux/