How I Solved My SSH Connection Error: No Matching Host Key Type Found
After a computer update I could no longer connect to my reMarkable via SSH as I had an error saying: "unable to negotiate with host: no matching host key type found". This is how I fixed the issue.
EDIT: October 7th, 2022:
I just updated my reMarkable to version 188.8.131.527. Had issues connecting. Error:
Connection closed by ... port 22. Fixed this by going into my
~/.ssh/known_hosts file and removing the corresponding line.
With the update the reMarkable now accepts different host key algorithms so this below fix is no longer needed. Keeping the post around in case someone else has a similar issue.
EDIT: March 22nd, 2023:
When moving my website over I lost my previous comments so I wanted to include Jen Lampton's comment where I was asked if I had ever found a solution that allowed me to connect using my SSH key again. I wasn't able to answer but she later replied:
I just discovered a solution for the public key – I’ll post here in case anyone else finds your helpful article 🙂
In the last month or so I stopped being able to
SSH into my reMarkable as I normally do. After putting off fixing it for a bit I finally decided to just sit down and figure out what was wrong. I got it working and had to share how I know connect to my device in case the same thing happens to you.
Below I replaced my host IP address with
XXX.XXX.X.XXX so instead of typing in
XXX.XXX.X.XXX please enter whatever IP address you’re trying to connect to instead.
How I Connected Before
Before going into how I now connect to my reMarkable I wanted to first mention my earlier post that showed how I access my reMarkable through the command line. In addition to the simple
SSH command it also mentions how I used my public key to skip entering my password (using the
.ssh/authorized_keys file) AND how I created a shortcut (using
.ssh/config) so I could skip entering my username and IP address each time. In case you already know how to use
SSH but can’t find the information you need to connect to your reMarkable you can find it on your device here:
After I upgraded my operating system to the macOS Ventura (13.0 beta) I was was no longer able to
SSH into my reMarkable device. Specifically:
❯ ssh root@XXX.XXX.X.XXX Unable to negotiate with XXX.XXX.X.XXX port 22: no matching host key type found. Their offer: ssh-rsa
SSH (Secure Shell) is a secure method to connect and communicate between two devices. The security comes from the public key cryptography it uses to verify that who you’re talking to is actually who you think it is. One type of algorithm it can use is
RSA. Back in 2021
OpenSSH released version 8.8 where it deprecated the
ssh-rsa signature scheme as it used the
SHA-1 hash algorithm in conjunction with the
RSA public key algorithm (link to Icarus.sg). This change shouldn’t be an issue as most systems use the modern version of
OpenSSH which will see the
RSA key and switch to a stronger signature scheme. So it shouldn’t be an issue.
My problem was that my computer was using the updated
OpenSSH so it disables
RSA by default (doesn’t accept
ssh-rsa signature schemes) while the way reMarkable is configured will only use
RSA… hence the discrepancy.
The Solution – Using SSH Command
To get around the current error you’ll need to alter that command a bit to specify what the host key algorithm you want to use is by passing in the option command
-o and following it with
HostKeyAlgorithms and the specific algorithm you want which in this case is
ssh-rsa. Here I just want to add
ssh-rsa to the list of preferred host key signature algorithms so I used a
+ to specify that. If I wanted to remove it from the list I’d use a
- while a
^ moves it to the head of the default list. You can learn more about this by typing in
man ssh_config in your terminal and navigating down to
SSH statement thus went from
ssh root@XXX.XXX.X.XXX to
ssh -oHostKeyAlgorithms=+ssh-rsa root@XXX.XXX.X.XXX and now, after asking my password, I’m able to connect to my reMarkable!
❯ ssh -oHostKeyAlgorithms=+ssh-rsa root@XXX.XXX.X.XXX root@XXX.XXX.X.XXX's password: ｒｅＭａｒｋａｂｌｅ ╺━┓┏━╸┏━┓┏━┓ ┏━┓╻ ╻┏━╸┏━┓┏━┓ ┏━┛┣╸ ┣┳┛┃ ┃ ┗━┓┃ ┃┃╺┓┣━┫┣┳┛ ┗━╸┗━╸╹┗╸┗━┛ ┗━┛┗━┛┗━┛╹ ╹╹┗╸ reMarkable: ~/
The Solution – Using a Shortcut
If you don’t want to specify the key algorithm every time (or even the username and host) you can create a shortcut. To create the shortcut you’ll need to navigate to the
~/.ssh directory and edit, or create, a
config file. Here’s what my updated config file looks like now with the
HostKeyAlgorithms specified (before it just had the first three lines):
Host remarkable HostName XXX.XXX.X.XXX User root HostKeyAlgorithms=+ssh-rsa PubkeyAcceptedKeyTypes=+ssh-rsa
Here I call my connection
remarkable so I just need to type
ssh remarkable into the terminal when I want to connect. You can call yours whatever you want by changing the
remarkable word at the beginning after
If you want to learn more about how I did this, without the
ssh-rsa additions, I talked about it in my Learn How to Access Your reMarkable Through the Command Line post under the heading: Forget the Username and IP Address by Creating a Shortcut.
Addendum: What Version of SSH Your Device Is Running
While working my way through this issue I found some other commands I could run to better understand the
SSH my device(s) were running. In case you might also be interested in this I figured I’d include it here.
First a quick aside: I ran these commands on September 15th, 2022 while running
Version 184.108.40.2067 on my reMarkable (Dropbear v2019.78) and the beta macOS 13.0 Ventura on my computer (OpenSSH_9.0p1, LibreSSL 3.3.6).
To find the exact version of
SSH your device is running you can run
ssh with the version flag
-V. This means you can run it on your computer or on any device you have
ssh access to. For me, after fixing my
ssh issue and shown below, I ran it on my computer and saw my Mac is using
LibreSSL 3.3.6. I then connected to my reMarkable and ran it again to see that my reMarkable is instead running
Even if you can’t connect to a device you can still find out what version of
SSH it’s running through the verbose mode
-v command when attempting to connect; in this case a lowercase
v rather than the capitalized version above. Verbose mode explains what’s happening when it attempts to connect and outputs the
SSH version of your device before it realizes whether it can connect or not. I also tried doing this when my reMarkable was turned off but, as it was turned off, the operation timed out as it couldn’t connect and thus couldn’t output its
❯ ssh -v remarkable OpenSSH_9.0p1, LibreSSL 3.3.6 // My computer version ... debug1: Remote protocol version 2.0, remote software version dropbear_2019.78 debug1: compat_banner: no match: dropbear_2019.78 // My reMarkable version ...
Whether you’re having difficulty connecting to your reMarkable or some other device I hope this post has helped you. If so I’d love to hear how and what in the comments below! If my post was missing some crucial information feel free to share in the comments below and maybe it will help someone else later on.
Have a great day!
If you’re interested in getting any of my future blog updates I currently come out with a new one every second Wednesday and share them to my Facebook page and Instagram account. You’re also more than welcome to join my email list located right under the search bar or underneath this post.