In release 8.7, the OpenSSH team announced that the
ssh-rsa signature scheme will be disabled by default in the next version:
the ssh-rsa signature scheme uses SHA-1 and is susceptible to chosen-prefix attacks.
This should not be a problem unless you are connecting to a server using the weak
ssh-rsa public key algorithm for host authentication.
💡 If you're using version 8.7 or a previous one, you can test your remote hosts, like a GitLab or a cloud server, using:
ssh -oHostKeyAlgorithms=-ssh-rsa user@host
If the connection fails, that means that the signature algorithm is not compatible with the default configuration of OpenSSH 8.8.
If you can't upgrade the signature algorithm on your remote servers but you still need to use them, you can use the following command:
ssh -oHostKeyAlgorithms=+ssh-rsa user@host
Right now, Bitbucket uses this weak signature algorithm, and I guess you need to use your Git repositories hosted there. 🥺 You can check your connection with the following command:
ssh -oHostKeyAlgorithms=+ssh-rsa email@example.com
How can we enable this flag for all the Git commands? An easy solution is coming... You can create an SSH configuration file with the following content:
    Host bitbucket.org
        HostKeyAlgorithms +ssh-rsa
        IdentitiesOnly yes
The default location of this file is
~/.ssh/config; maybe you already have one. Once you add this configuration value, you can use any
git command without restrictions.
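To keep this exception limited to the hosts that need it, the following added example (not part of the original post) scans an ssh_config file and reports every place where ssh-rsa host keys are enabled, marking whether the setting is scoped to specific hosts or applies to all of them. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where an ssh_config file re-enables ssh-rsa host keys.
# Output: "SCOPED <patterns>" for a limited Host block, "GLOBAL <scope>" when
# the setting applies to every host (no Host block, "Host *" or "Match all").
audit_ssh_rsa() {
    awk '
    BEGIN { scope = "(global)"; wide = 1 }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || $0 ~ /^#/) next
        if (!match($0, /^[A-Za-z]+/)) next
        key = tolower(substr($0, 1, RLENGTH))
        val = substr($0, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)      # accepts "Key value" and "Key=value"
        if (key == "host" || key == "match") {
            scope = val
            wide = (key == "match" && tolower(val) == "all")
            n = split(val, pat, /[ \t]+/)
            for (i = 1; i <= n; i++) if (key == "host" && pat[i] == "*") wide = 1
            next
        }
        if (key != "hostkeyalgorithms") next
        op = substr(val, 1, 1)
        if (op == "-") next                   # "-ssh-rsa" removes the algorithm
        if (op == "+" || op == "^") val = substr(val, 2)
        label = wide ? "GLOBAL" : "SCOPED"
        n = split(val, alg, ",")
        for (i = 1; i <= n; i++)
            if (alg[i] == "ssh-rsa") { print label, scope; break }
    }' "$@"
}

# Constructed sample configuration (hypothetical hosts, apart from bitbucket.org).
sample_config() {
    cat <<'EOF'
# constructed sample
Host bitbucket.org
    HostKeyAlgorithms +ssh-rsa
    IdentitiesOnly yes
Host legacy-*.example.com
    hostkeyalgorithms=ssh-ed25519,ssh-rsa
Host gitlab.example.com
    HostKeyAlgorithms -ssh-rsa
Host *
    HostKeyAlgorithms ^rsa-sha2-512,ssh-rsa
EOF
}

sample_config | audit_ssh_rsa    # or: audit_ssh_rsa ~/.ssh/config
```

ssh_config uses the first value it obtains for each option, so this shows where the exception is written, while `ssh -G host` prints the effective setting for one host.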
I hope this helps you keep SSHing the world 🗺️