Let Git for Windows support ssh-rsa without modifying ssh config file

When you are using the latest Git for Windows, you may see an error message like this:

Unable to negotiate with *** port 22: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.

This error occurs because the ssh client built into recent versions of Git for Windows (OpenSSH) disables RSA signatures using the SHA-1 hash algorithm (ssh-rsa) by default.

The traditional solution

A common solution is to update ~/.ssh/config and tell git to enable ssh-rsa:

Host your-host-name
   HostkeyAlgorithms +ssh-rsa
   PubkeyAcceptedAlgorithms +ssh-rsa

But, what if I don't want to modify the ssh config file?

The new solution without modifying ssh config file

As we said in the beginning, the problem is caused by Git for Windows's built-in ssh client (OpenSSH). So we can change the ssh client that Git for Windows uses!

Reinstall and setup

Now, reinstall Git for Windows and choose a new ssh client in the setup wizard.

The default choice is the first one, "Use bundled OpenSSH", and I chose the third one, "Use external OpenSSH". The third one is provided by Windows 10 and it supports ssh-rsa by default.
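
To check whether a given ssh client still enables ssh-rsa for a host, the following added example (not part of the original post) reads the output of ssh -G, which prints the client's effective configuration, and reports whether ssh-rsa appears as an exact list entry. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# has_alg OPTION ALG: read `ssh -G <host>` output on stdin and succeed only if
# ALG is an exact entry in OPTION's comma-separated list. Substring matching is
# wrong here: ssh-rsa-cert-v01@openssh.com and rsa-sha2-256 are other algorithms.
has_alg() {
    awk -v opt="$1" -v alg="$2" '
        { sub(/\r$/, "") }            # ssh.exe output may end lines with CR
        tolower($1) == opt {
            n = split($2, list, ",")
            for (i = 1; i <= n; i++) if (list[i] == alg) found = 1
        }
        END { exit !found }'
}

# ssh_rsa_report: read `ssh -G <host>` output on stdin and print, for each
# option present, whether the SHA-1 based ssh-rsa algorithm is enabled.
ssh_rsa_report() {
    cfg=$(cat)
    # pubkeyacceptedkeytypes is the older name of pubkeyacceptedalgorithms
    for opt in hostkeyalgorithms pubkeyacceptedalgorithms pubkeyacceptedkeytypes; do
        printf '%s\n' "$cfg" | grep -qi "^$opt " || continue
        if printf '%s\n' "$cfg" | has_alg "$opt" ssh-rsa; then
            echo "$opt: ssh-rsa enabled"
        else
            echo "$opt: ssh-rsa disabled"
        fi
    done
}

# Constructed, shortened samples of `ssh -G your-host-name` output (not captured
# from a real client): one without ssh-rsa, one with it.
SAMPLE_WITHOUT='hostname your-host-name
port 22
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa-cert-v01@openssh.com
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256'
SAMPLE_WITH='hostname your-host-name
port 22
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
pubkeyacceptedkeytypes ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa'

printf '%s\n' "$SAMPLE_WITHOUT" | ssh_rsa_report
printf '%s\n' "$SAMPLE_WITH" | ssh_rsa_report
# Real use, with the ssh client that git runs: ssh -G your-host-name | ssh_rsa_report
```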

Confirm new host

On my Windows machine, after changing the ssh client, something weird happened.

When I cloned a repository on a new ssh host, Git for Windows showed a popup window.

The text in the popup window seems a little bit confusing. In fact, it's asking me to confirm the new host. So, just type "yes" and press "OK". Then everything is just fine.

Posted on 2022-07-27