userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

A colleague reported that he could no longer log in with PuTTY over SSH to a server that had recently been upgraded to Debian Bookworm.

/var/log/auth.log showed:

2023-07-10T13:08:48.619859+00:00 hostname sshd[2302085]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

PuTTY log:

2023-07-10 15:08:49	Looking up host "hostname" for SSH connection
2023-07-10 15:08:49	Connecting to 2a00:... port 22
2023-07-10 15:08:49	We claim version: SSH-2.0-PuTTY_Release_0.74
2023-07-10 15:08:49	Remote version: SSH-2.0-OpenSSH_9.2p1 Debian-2
2023-07-10 15:08:49	Using SSH protocol version 2
2023-07-10 15:08:49	No GSSAPI security context available
2023-07-10 15:08:49	Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (SHA-NI accelerated)
2023-07-10 15:08:49	Server also has ecdsa-sha2-nistp256 host key, but we don't know it
2023-07-10 15:08:49	Host key fingerprint is:
2023-07-10 15:08:49	ssh-ed25519 255 ....
2023-07-10 15:08:49	Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
2023-07-10 15:08:49	Initialised HMAC-SHA-256 (SHA-NI accelerated) outbound MAC algorithm
2023-07-10 15:08:49	Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
2023-07-10 15:08:49	Initialised HMAC-SHA-256 (SHA-NI accelerated) inbound MAC algorithm
2023-07-10 15:08:49	Pageant is running. Requesting keys.
2023-07-10 15:08:49	Pageant has 1 SSH-2 keys
2023-07-10 15:08:49	Trying Pageant key #0
2023-07-10 15:08:49	Server refused our key

It turned out to be a pretty old PuTTY, 0.74; just upgrading it to a more recent release [ 0.78 at the time of writing ] solved it.

Alternatively I could have added this to /etc/ssh/sshd_config, but why weaken the config when it’s enough to upgrade the client?

pubkeyacceptedalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa

This parameter was renamed from PubkeyAcceptedKeyTypes to PubkeyAcceptedAlgorithms, and two values, ssh-rsa-cert-v01@openssh.com and ssh-rsa, were removed from its default when going from OpenSSH_8.4p1 [ in bullseye ] to OpenSSH_9.2p1 [ in bookworm ].
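As an added illustration (this is not code from the original post), here is a small POSIX shell script that tallies which signature algorithms sshd rejected from auth.log lines like the one above, and checks whether a given algorithm is in the server's effective PubkeyAcceptedAlgorithms as printed by `sshd -T`. The sample auth.log lines and the `sshd -T` excerpt are constructed for the example; `rejected_sig_algs`, `effective_pubkey_algs` and `alg_accepted` are this example's own helper names.

```shell
#!/bin/sh
# Added example, not part of the original post: find clients that are being
# rejected because they still sign with the legacy ssh-rsa (SHA-1) algorithm,
# and check the server's effective PubkeyAcceptedAlgorithms without editing
# sshd_config.

# Constructed sample lines in Debian Bookworm's auth.log format.
SAMPLE_AUTH_LOG='2023-07-10T13:08:48.619859+00:00 hostname sshd[2302085]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
2023-07-10T13:09:02.100000+00:00 hostname sshd[2302090]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2: RSA SHA256:constructedfingerprint
2023-07-10T13:10:15.000000+00:00 hostname sshd[2302101]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
2023-07-10T13:11:40.000000+00:00 hostname sshd[2302115]: userauth_pubkey: signature algorithm ssh-dss not in PubkeyAcceptedAlgorithms [preauth]'

# Constructed excerpt of `sshd -T` output (the real output has many more keys).
SAMPLE_SSHD_T='port 22
pubkeyauthentication yes
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256'

# Read auth.log lines on stdin; print "count algorithm" per rejected
# signature algorithm, most frequent first.
rejected_sig_algs() {
    awk '/userauth_pubkey: signature algorithm .* not in PubkeyAcceptedAlgorithms/ {
             for (i = 1; i < NF; i++) if ($i == "algorithm") print $(i + 1)
         }' | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Read `sshd -T` output on stdin; print the effective comma-separated
# PubkeyAcceptedAlgorithms list (sshd -T prints keywords in lowercase).
effective_pubkey_algs() {
    awk 'tolower($1) == "pubkeyacceptedalgorithms" { print $2 }'
}

# Exit 0 if algorithm $1 appears in the comma-separated list $2.
alg_accepted() {
    printf '%s\n' "$2" | tr ',' '\n' | grep -qxF -- "$1"
}

# Stand-alone run over the constructed samples.
echo "rejected signature algorithms:"
printf '%s\n' "$SAMPLE_AUTH_LOG" | rejected_sig_algs
accepted=$(printf '%s\n' "$SAMPLE_SSHD_T" | effective_pubkey_algs)
echo "effective PubkeyAcceptedAlgorithms: $accepted"
for a in ssh-rsa rsa-sha2-256; do
    if alg_accepted "$a" "$accepted"; then
        echo "$a: accepted by sshd"
    else
        echo "$a: rejected by sshd"
    fi
done
```

On a real host run `rejected_sig_algs < /var/log/auth.log` to see which legacy algorithms are still being offered, and `sshd -T | effective_pubkey_algs` (as root) to see what the running configuration actually accepts. Note that an RSA key itself is still usable: rsa-sha2-256 and rsa-sha2-512 remain in the default list, and only the SHA-1 based ssh-rsa signature algorithm is gone, which is why a client upgrade fixes the login without any change to sshd_config.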
