[MacOS] ventura 13.0 업데이트후 ssh 연결 불가 해결방법 - no matching host key type found. Their offer: ssh-rsa,ssh-dss

오랫만에 봤더니 MacOS 가 업데이트를 하라고 안내를 띄웠다.  그래거 Ventua 13.0(22A380) 으로 업데이트 했더니 아래와 같이 오류를 내면서 ssh 서버접근이 안된다. -_-

user@Mycom ~ % ssh user@remote.server.com
Unable to negotiate with 10.10.10.1 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

해결방법

/etc/ssh/ssh_config 파일을 아래와 같이 수정해보자. 터미널창에서 수정한다면  "sudo vi /etc/ssh/ssh_config" 형태로 접근해서 수정하면 된다.  참고로 재부팅은 필요없다. (vi 사용법을 모른다면 흠...)

 

1. /etc/ssh/ssh_config 값 수정

• # 제거
  • Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
  • MACs hmac-md5,hmac-sha1,umac-64@openssh.com
• 마지막 라인에 값 추가
  •     HostkeyAlgorithms ssh-dss,ssh-rsa
  •     KexAlgorithms +diffie-hellman-group1-sha1

 

동작하도록 세팅한 /etc/ssh/ssh_config 파일의 전체 내용을 보고 싶다면 아래 더보기를 눌러보자.

 

#	$OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# This Include directive is not part of the default ssh_config shipped with
# OpenSSH. Options set in the included configuration files generally override
# those that follow.  The defaults only apply to options that have not been
# explicitly set.  Options that appear multiple times keep the first value set,
# unless they are a multivalue option such as IdentityFile.
Include /etc/ssh/ssh_config.d/*

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
Host *
    SendEnv LANG LC_*
    HostkeyAlgorithms ssh-dss,ssh-rsa
    KexAlgorithms +diffie-hellman-group1-sha1

2. ~/.ssh/known_hosts 파일제거

위와같이 하고 접속했는데, 아래와 같은 오류 메시지가 발생된다면?  ~/.ssh/known_hosts 파일을 삭제하고 다시 접근시도해보자.

user@Mycom ~ % ssh user@remote.server.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
SHA256:ARhT+XFrh1tWX123x+qxrNV/2Fuc01LQ5nfJm51aTTZ.
Please contact your system administrator.
Add correct host key in /Users/user/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/user/.ssh/known_hosts:1
Host key for remote.server.com has changed and you have requested strict checking.
Host key verification failed.

# 위와 같은 오류가 나면 , 아래와 같이 파일삭제하면 됨
user@Mycom ~ % rm ~/.ssh/known_hosts

# 다시 시도하면 접속 성공
user@Mycom ~ % ssh user@remote.server.com
...
[remote:/home1/user]

이렇게 mac 에서 ssh 접근안되는 문제가 해결되었다. 휴