import/path: "SSH connection command ssh -v -oHostKeyAlgorithms=+ssh-rsa user@host -p 22 cannot connect."

[dhffb]

Go version

go 1.23.0 darwin/arm64 and golang.org/x/crypto v0.26.0

Output of go env in your module/workspace:

set GO111MODULE=on
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\Administrator\AppData\Local\go-build
set GOENV=C:\Users\Administrator\AppData\Roaming\go\env
set GOEXE=.exe
set GOEXPERIMENT=
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOINSECURE=
set GOMODCACHE=C:\Users\Administrator\go\pkg\mod
set GONOPROXY=
set GONOSUMDB=
set GOOS=windows
set GOPATH=C:\Users\Administrator\go
set GOPRIVATE=
set GOPROXY=https://proxy.golang.org,direct
set GOROOT=C:/Program Files/Go
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOTOOLCHAIN=auto
set GOTOOLDIR=C:\Program Files\Go\pkg\tool\windows_amd64
set GOVCS=
set GOVERSION=go1.23.0
set GODEBUG=
set GOTELEMETRY=local
set GOTELEMETRYDIR=C:\Users\Administrator\AppData\Roaming\go\telemetry
set GCCGO=gccgo
set GOAMD64=v1
set AR=ar
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=D:\Users\Desktop\ssh\go.mod
set GOWORK=
set CGO_CFLAGS=-O2 -g
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-O2 -g
set CGO_FFLAGS=-O2 -g
set CGO_LDFLAGS=-O2 -g
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=D:\Users\Temp\go-build153145645=/tmp/go-build -gno-record-gcc-switches

What did you do?

sshUser := "user"
sshHost := "host"
sshPassword := "password"

config := &ssh.ClientConfig{
    User: sshUser,
    Auth: []ssh.AuthMethod{
        ssh.Password(sshPassword), 
    },
    HostKeyCallback:   ssh.InsecureIgnoreHostKey(), 
    HostKeyAlgorithms: []string{"ssh-rsa"},         
    Timeout:           10 * time.Second,        
}

client, err := ssh.Dial("tcp", sshHost, config)
if err != nil {
    log.Fatalf("connect fail: %v", err)
}
defer client.Close()

session, err := client.NewSession()
if err != nil {
    log.Fatalf("err: %v", err)
}
defer session.Close()

output, err := session.CombinedOutput("uname -a")
if err != nil {
    log.Fatalf("err: %v", err)
}
fmt.Println("commond print:", string(output))

What did you see happen?

connect fail: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain.

What did you expect to see?

GO can establish the connection successfully.

I can connect using Python.

Py Code

import paramiko
import time
from datetime import datetime
ssh_host = "host"
ssh_port = 22
ssh_user = "user"
ssh_password = "pass"
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

try:
    client.connect(
        hostname=ssh_host, 
        port=ssh_port, 
        username=ssh_user, 
        password=ssh_password,
        look_for_keys=False, 
        allow_agent=False,    
        disabled_algorithms={'keys': ['rsa-sha2-256', 'rsa-sha2-512']} 
    )
    channel = client.invoke_shell()
    with open("log.txt", "a") as log_file:
        while True:
            current_time = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
            channel.send('free -m\n')
            time.sleep(1)
            output = channel.recv(1024).decode()
            log_file.write(f"{current_time} - Mem:\n")
            log_file.write(output + "\n")
            time.sleep(3)

finally:
    client.close()

This is ssh print:

C:\Users\Administrator>ssh -v -oHostKeyAlgorithms=+ssh-rsa user@host -p 22 OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2 debug1: Connecting to 121.14.xx.xx [121.14.xx.xx] port 22. debug1: Connection established. debug1: identity file C:\Users\Administrator/.ssh/id_rsa type -1 debug1: identity file C:\Users\Administrator/.ssh/id_rsa-cert type -1 debug1: identity file C:\Users\Administrator/.ssh/id_dsa type -1 debug1: identity file C:\Users\Administrator/.ssh/id_dsa-cert type -1 debug1: identity file C:\Users\Administrator/.ssh/id_ecdsa type -1 debug1: identity file C:\Users\Administrator/.ssh/id_ecdsa-cert type -1 debug1: identity file C:\Users\Administrator/.ssh/id_ed25519 type -1 debug1: identity file C:\Users\Administrator/.ssh/id_ed25519-cert type -1 debug1: identity file C:\Users\Administrator/.ssh/id_xmss type -1 debug1: identity file C:\Users\Administrator/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1 debug1: Remote protocol version 2.0, remote software version ssh2js0.4.10srv debug1: no match: ssh2js0.4.10srv debug1: Authenticating to 121.14.xx.xx:22as 'user' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-rsa debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-rsa SHA256:WBqmW60qLKWsvmz0TBhXN7DlkaIno30a5ycDgOpfl2M debug1: Host '[121.14.xx.xx]:22' is known and matches the RSA host key. debug1: Found key in C:\Users\Administrator/.ssh/known_hosts:13 debug1: rekey out after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 4294967296 blocks debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory debug1: Will attempt key: C:\Users\Administrator/.ssh/id_rsa debug1: Will attempt key: C:\Users\Administrator/.ssh/id_dsa debug1: Will attempt key: C:\Users\Administrator/.ssh/id_ecdsa debug1: Will attempt key: C:\Users\Administrator/.ssh/id_ed25519 debug1: Will attempt key: C:\Users\Administrator/.ssh/id_xmss debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: debug1: Next authentication method: publickey debug1: Trying private key: C:\Users\Administrator/.ssh/id_rsa debug1: Trying private key: C:\Users\Administrator/.ssh/id_dsa debug1: Trying private key: C:\Users\Administrator/.ssh/id_ecdsa debug1: Trying private key: C:\Users\Administrator/.ssh/id_ed25519 debug1: Trying private key: C:\Users\Administrator/.ssh/id_xmss debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: debug1: Next authentication method: password debug1: read_passphrase: can't open /dev/tty: No such file or directory xxxxxxxxx's password:

[gabyhelp]

Related Issues and Documentation

• x/crypto/ssh: can't establish ssh connection using signed key #54027 (closed)
• x/crypto/ssh: TestValidTerminalMode fails with some shells #38037 (closed)
• x/crypto/ssh: unable to authenticate if the first private key fails. #60587 (closed)
• x/crypto/ssh: "ssh-rsa-cert-v01@openssh.com" does not work for sshd OpenSSH 7.2-7.7 #58371 (closed)
• x/crypto/ssh: occasional handshake failures #32705 (closed)
• x/crypto/ssh agent handshake fails with normally working configuration #29086 (closed)
• x/crypto/ssh: curve25519-sha256@libssh.org is now curve25519-sha256 #48756 (closed)
• x/crypto/ssh/knownhosts: can't verify host key if host certificate is sent #33366
• x/crypto/ssh/test: TestInvalidTerminalMode fails with new openssh #33919 (closed)
• x/crypto: regression: no longer able to authenticate using rsa-sha2-512 key #56342 (closed)

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[seankhliao]

Without a self contained reproducer, including keys and a server config, I don't think this is an actionable report. The forums may be a better place to help you troubleshoot your issues further.

Unlike many projects, the Go project does not use GitHub Issues for general discussion or asking questions. GitHub Issues are used for tracking bugs and proposals only.

For questions please refer to https://github.com/golang/go/wiki/Questions