SSH key not working

I’m very probably doing something wrong, but I’m trying to download the source code for my Anvil app and the git command isn’t working for me. I generated an ssh key using “ssh-keygen -o” and copy/pasted the contents of my id_rsa.pub file into my account settings where it says to put my SSH public key.

After generating the file and adding it to my account I use the provided git clone command but I get the message:

Unable to negotiate with 52.56.203.177 port 2222: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.

Not sure what I’m missing here or if there is some added step, but any advice / guidance would be appreciated.

In order for the command to work, you have to make your private key available to ssh. There are two ways to do that:

  1. Use an ssh agent. This is a service that runs in the background on your machine and makes your keys available to ssh whenever they’re required. The agent you might use depends largely on your operating system.

  2. Use the ssh config file. In there, you can specify the correct private key to use for connecting to anvil.

I tend to use option 2. Here’s a relevant snippet from my config file:

Host anvil.works
    IdentityFile ~/.ssh/anvil_rsa

3 Likes

Thank you! I’m a github / ssh newb so now I’m off to figure out how to generate / use a config file :slight_smile: Really appreciate you setting me on the right track!

Spent my morning on this, and I think I’m close but missing something simple. No obligation to respond (you’ve already been helpful) but I thought I’d push my luck and ask for a little more detail.

I’ve created a config file with the contents below:

Host anvil.works
    Hostname 52.56.203.177
    Port 2222
    User [My Anvil Username Here]
    PubKeyAuthentication yes
    IdentityFile ~/.ssh/id_rsa

I think that’s mostly right, but when I enter the “ssh anvil.works” command I get the response “shell request failed on channel 0” and the git clone command still returns

Unable to negotiate with 52.56.203.177 port 2222: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.

Am I just missing something from this config file or is there more to it than that?

You shouldn’t need most of those options - they are specified in the command that you copy from anvil. In my config, the only option I need is the one shown in the snippet above.

You can try passing those options via the ssh command to see what happens. e.g.:

ssh -p 2222 -i <path to your secret key> -l <your anvil login> anvil.works

or, to see more verbose debug info, add -v at the end.

interesting…

I stripped my config down to just the IdentityFile line:

Host anvil.works
    IdentityFile [MyFile]

If I run your command I get:

The authenticity of host ‘[anvil.works]:2222 ([52.56.203.177]:2222)’ can’t be established.
RSA key fingerprint is SHA256:l0ul+qjsIbKMTc1a1+XnRy6LcVuRgStB2gNJ1V7NsV8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘[anvil.works]:2222’ (RSA) to the list of known hosts.
shell request failed on channel 0

If I run it with -v I get:


debug1: Reading configuration data [My Configuration File]
debug1: [My Configuration File] line 1: Applying options for anvil.works
debug1: Connecting to anvil.works [52.56.203.177] port 2222.
debug1: Connection established.
debug1: identity file [My id_rsa file] type 0
debug1: key_load_public: No such file or directory
debug1: identity file [My id_rsa file]-cert type -1
debug1: identity file [My id_rsa file] type 0
debug1: key_load_public: No such file or directory
debug1: identity file [My id_rsa file]-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version SSHD-CORE-1.2.0
debug1: no match: SSHD-CORE-1.2.0
debug1: Authenticating to anvil.works:2222 as '[My Anvil Login]'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:l0ul+qjsIbKMTc1a1+XnRy6LcVuRgStB2gNJ1V7NsV8
debug1: Host '[anvil.works]:2222' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\[me]/.ssh/known_hosts:3
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,keyboard-interactive,publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:5hX4C2UmzLSv57TbeG6Tm0EMuGseQMz+d/WR7/A7B/Y [My id_rsa file]
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to anvil.works ([52.56.203.177]:2222).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: console supports the ansi parsing
shell request failed on channel 0

What is confusing to me is that it says the server accepted my key and that I’m authenticated, so I’d expect it all to be fine. But I get that shell request error at the end, and I still get my original error when using the git clone command.

Really wish I could just download the repo manually…I know I’m just ignorant but this seems like a very complex process just to download the repo so I can run the Anvil Server on my own machine.

1 Like

I wonder if this might be because you’re using a newer version of openssh than I am.

Something similar has been noted at bitbucket: OpenSSH 8.8 client incompatibility and workaround - Atlassian Community

Try adding the lines that they suggest to your config:

Host anvil.works
    IdentityFile <path to your key>
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

(BTW - the shell request error is as expected. We’re only using the ssh command to test the connection. We don’t actually expect anvil to give us a shell at their end)!

4 Likes
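
An added example, not part of any post in this thread: a small shell function that reads ssh/git error output and turns an "Unable to negotiate ... Their offer:" line into a config stanza scoped to a single `Host`, so the legacy algorithm is re-enabled only for that server. It generalizes beyond the host key case above to OpenSSH's key exchange, cipher and MAC negotiation errors; the function name `suggest_ssh_stanza` and the variable `SAMPLE_ERR` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Reads ssh/git stderr on stdin and
# prints an ssh_config stanza limited to one Host entry.
# Usage: git clone ... 2>&1 | suggest_ssh_stanza anvil.works

suggest_ssh_stanza() {
    host=$1   # Host pattern the override should be limited to

    # First negotiation failure line, if any.
    line=$(sed -n '/no matching .* found\. Their offer: /{p;q;}')
    [ -n "$line" ] || return 1

    # Which algorithm class failed, and what the server offered.
    kind=$(printf '%s\n' "$line" |
        sed -n 's/.*no matching \(.*\) found\. Their offer: .*/\1/p')
    offer=$(printf '%s\n' "$line" |
        sed -n 's/.*Their offer: \([A-Za-z0-9@.,_+-]*\).*/\1/p')

    # Map the error wording to the ssh_config keyword that controls it.
    case $kind in
        'host key type')       opt=HostKeyAlgorithms ;;
        'key exchange method') opt=KexAlgorithms ;;
        'cipher')              opt=Ciphers ;;
        'MAC')                 opt=MACs ;;
        *) return 2 ;;
    esac

    # "+" appends to the client's defaults instead of replacing them.
    # Review the offer list and keep only the algorithms you accept.
    printf 'Host %s\n    %s +%s\n' "$host" "$opt" "$offer"
}

# Sample input: the error text quoted in the first post of this thread.
SAMPLE_ERR='Unable to negotiate with 52.56.203.177 port 2222: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.'

printf '%s\n' "$SAMPLE_ERR" | suggest_ssh_stanza anvil.works

# This error concerns the server's host key only. If the user's RSA key is
# then refused, the separate keyword is PubkeyAcceptedAlgorithms, which was
# named PubkeyAcceptedKeyTypes before OpenSSH 8.5.
```
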

YES!!! Sorry…been beating my head against a wall all day Friday before even posting here and this morning was just continuing the frustration. Your suggested change to the config file did the trick. Wow what a relief to finally get this sorted.

THANK YOU!!

Glad that worked. I shall bookmark this myself for when I inevitably do an upgrade and can’t figure out why it stops working!

1 Like

In fact, I’m adding those options now. Future me will thank me.

Ha! I love it when I think I need to solve something only to open the source code and realize I already did. I literally smile and mutter to myself every time “Thanks past me” :joy:

1 Like

One of those options isn’t valid in my current version, so here’s what my entry looks like now:

Host anvil.works
    IdentityFile ~/.ssh/anvil_rsa
    # When this stops working and you eventually look in here, have a read of
    # https://anvil.works/forum/t/ssh-key-not-working/10227
    # and then uncomment these two lines:
    # HostkeyAlgorithms +ssh-rsa
    # PubkeyAcceptedAlgorithms +ssh-rsa

3 Likes

Love it! You should add “You’re welcome” to the end :rofl:

2 Likes