SSH returns: no matching host key type found. Their offer: ssh-dss
Solution 1:
The version of OpenSSH included in 16.04 disables ssh-dss. There's a neat page with legacy information that includes this issue: http://www.openssh.com/legacy.html
In a nutshell, you should add the option -oHostKeyAlgorithms=+ssh-dss to the SSH command:
ssh -oHostKeyAlgorithms=+ssh-dss [email protected]
You can also add a host pattern in your ~/.ssh/config so you don't have to specify the key algorithm every time:
Host nas
    HostName 192.168.8.109
    HostKeyAlgorithms=+ssh-dss
This has the added benefit that you don't need to type out the IP address. Instead, ssh will recognize the host nas and know where to connect to. Of course you can use any other name in its stead.
Solution 2:
If you came here because Bitbucket returns the following after an update to OpenSSH 8.8:
Unable to negotiate with <ip address> port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
you should NOT enable DSS (like in the accepted answer), but rather RSA in ~/.ssh/config:
Host bitbucket.org
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa
Reference: https://community.atlassian.com/t5/Bitbucket-articles/OpenSSH-8-8-client-incompatibility-and-workaround/ba-p/1826047
Note that PubkeyAcceptedKeyTypes is a backwards compatible alias to PubkeyAcceptedAlgorithms which has been suggested in the article. If you use it, the same configuration can be used with older OpenSSH client versions, e.g. if you share the config with docker containers.
You can do the same for other hosts, or use Host * to allow RSA for any host.
Solution 3:
Editing the ~/.ssh/config file is the best option. If you have a number of hosts to connect to on the same subnet you can use the following method to avoid entering each host in the file:
Host 192.168.8.*
    HostKeyAlgorithms=+ssh-dss
This works great for me as I have a number of Brocade switches to manage and they started complaining about the Host key after I moved to Ubuntu 16.04.
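The answers above each add a legacy-algorithm exception to ~/.ssh/config, scoped to a single host, a subnet pattern, or `Host *`. As an added example (not part of any answer), this Python script lists every such exception in a config and marks whether its Host pattern is a wildcard. The function name and the sample config are constructed for illustration, and Match blocks are not handled.

```python
import re

# Algorithms the answers re-enable; current OpenSSH no longer offers them by default.
LEGACY = {"ssh-dss", "ssh-rsa"}
ALGO_KEYWORDS = {"hostkeyalgorithms", "pubkeyacceptedkeytypes",
                 "pubkeyacceptedalgorithms"}

# Constructed sample: the three snippets from the answers plus a "Host *" block.
SAMPLE_CONFIG = """\
Host nas
    HostName 192.168.8.109
    HostKeyAlgorithms=+ssh-dss

Host bitbucket.org
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa

Host 192.168.8.*
    HostKeyAlgorithms=+ssh-dss

Host *
    HostKeyAlgorithms +ssh-rsa
"""

def audit_legacy_algorithms(config_text):
    """Return (host_patterns, keyword, algorithm, is_wildcard) per legacy exception."""
    findings = []
    patterns = ("*",)  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            patterns = tuple(value.split())
        elif keyword in ALGO_KEYWORDS and not value.startswith("-"):
            # "+" appends to the defaults, "^" prepends; a bare list replaces them.
            wildcard = any("*" in p or "?" in p for p in patterns)
            for algo in value.lstrip("+^").split(","):
                if algo.strip() in LEGACY:
                    findings.append((patterns, parts[0], algo.strip(), wildcard))
    return findings

if __name__ == "__main__":
    for hosts, keyword, algo, wildcard in audit_legacy_algorithms(SAMPLE_CONFIG):
        scope = "WILDCARD" if wildcard else "single host"
        print(f"{' '.join(hosts):<16} {keyword:<24} {algo:<8} {scope}")
```

Wildcard rows are the ones to review first, since they accept the legacy algorithm from every host the pattern matches rather than from one known device.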