Bitbucket Cloud now supports rsa-sha2-256 and rsa-sha2-512 algorithms. The OpenSSH 8.8 client will function without the need for a workaround.
The team deployed a fix on Tuesday, Oct 19. After monitoring for two days, this ticket was closed because we are confident that the OpenSSH 8.8 incompatibility has been resolved.
The latest release of OpenSSH — version 8.8, released on September 26th — introduced a configuration change that prevents that client from connecting to Bitbucket Cloud over SSH. Bitbucket engineers are actively addressing this, and there are workarounds available in the meantime.
See the Community post for more details.
Connect to bitbucket.org using OpenSSH >= 8.8.
SSH client connects to Bitbucket.
SSH connection fails with the following error message:
Unable to negotiate with <ip address> port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
If you are receiving the warning above, there are two options: updating your SSH config locally, or switching from SSH to HTTPS.
You can continue to use SSH by adding the lines below into the Host bitbucket.org section of your SSH configuration:
On Unix-like systems, this configuration is located at $HOME/.ssh/config or /etc/ssh/ssh_config.
On Windows systems, this configuration is located at %USERPROFILE%\.ssh\config or %PROGRAMFILES%\Git\etc\ssh\ssh_config.
HTTPS connections to Bitbucket Cloud are unaffected by changes to the OpenSSH client. Therefore, you can avoid this issue by updating your git client to use HTTPS instead of SSH to talk to Bitbucket Cloud by following the instructions on this page. Switching to HTTPS will require using a different authentication mechanism. We recommend using an app password for automated git clients such as build machines or if you have two-factor authentication enabled.
To remove this workaround in the future, follow the same instructions to change your remote URL back to the SSH URL.