{"id":3531,"date":"2023-07-10T18:16:00","date_gmt":"2023-07-10T17:16:00","guid":{"rendered":"https:\/\/kudzia.eu\/b\/?p=3531"},"modified":"2023-07-10T14:18:36","modified_gmt":"2023-07-10T13:18:36","slug":"userauth_pubkey-signature-algorithm-ssh-rsa-not-in-pubkeyacceptedalgorithms-preauth","status":"publish","type":"post","link":"https:\/\/kudzia.eu\/b\/2023\/07\/userauth_pubkey-signature-algorithm-ssh-rsa-not-in-pubkeyacceptedalgorithms-preauth\/","title":{"rendered":"userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]"},"content":{"rendered":"\n<p>a colleague reported that he can no longer log in using putty, via ssh, to a server that was recently upgraded to Debian Bookworm.<\/p>\n\n\n\n<p>\/var\/log\/auth.log showed:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>2023-07-10T13:08:48.619859+00:00 hostname sshd&#91;2302085]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms &#91;preauth]<\/code><\/pre>\n\n\n\n<p>putty log:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>2023-07-10 15:08:49\tLooking up host \"hostname\" for SSH connection\n2023-07-10 15:08:49\tConnecting to 2a00:... 
port 22\n2023-07-10 15:08:49\tWe claim version: SSH-2.0-PuTTY_Release_0.74\n2023-07-10 15:08:49\tRemote version: SSH-2.0-OpenSSH_9.2p1 Debian-2\n2023-07-10 15:08:49\tUsing SSH protocol version 2\n2023-07-10 15:08:49\tNo GSSAPI security context available\n2023-07-10 15:08:49\tDoing ECDH key exchange with curve Curve25519 and hash SHA-256 (SHA-NI accelerated)\n2023-07-10 15:08:49\tServer also has ecdsa-sha2-nistp256 host key, but we don't know it\n2023-07-10 15:08:49\tHost key fingerprint is:\n2023-07-10 15:08:49\tssh-ed25519 255 ....\n2023-07-10 15:08:49\tInitialised AES-256 SDCTR (AES-NI accelerated) outbound encryption\n2023-07-10 15:08:49\tInitialised HMAC-SHA-256 (SHA-NI accelerated) outbound MAC algorithm\n2023-07-10 15:08:49\tInitialised AES-256 SDCTR (AES-NI accelerated) inbound encryption\n2023-07-10 15:08:49\tInitialised HMAC-SHA-256 (SHA-NI accelerated) inbound MAC algorithm\n2023-07-10 15:08:49\tPageant is running. Requesting keys.\n2023-07-10 15:08:49\tPageant has 1 SSH-2 keys\n2023-07-10 15:08:49\tTrying Pageant key #0\n2023-07-10 15:08:49\tServer refused our key\n<\/code><\/pre>\n\n\n\n<p>it turned out that it was a pretty old putty &#8211; 0.74; just upgrading it to a more recent one [ 0.78 at the time of writing ] solved it.<\/p>\n\n\n\n<p>alternatively i could have added this to \/etc\/ssh\/sshd_config, but why weaken the config when it&#8217;s enough to upgrade the client?<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>pubkeyacceptedalgorithms 
ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa<\/code><\/pre>\n\n\n\n<p>this parameter was renamed from <strong>pubkeyacceptedkeytypes<\/strong> to <strong>pubkeyacceptedalgorithms<\/strong>, and 2 values were removed from its default: <em>ssh-rsa-cert-v01@openssh.com<\/em> and <em>ssh-rsa<\/em>, when going from OpenSSH_8.4p1 [ in bullseye ] to OpenSSH_9.2p1 [ in bookworm ]. <em>ssh-rsa<\/em> here means RSA signatures made with SHA-1; <em>rsa-sha2-256<\/em> and <em>rsa-sha2-512<\/em> are still in the default, so the same RSA key keeps working with a client that supports them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>a colleague reported that he can no longer log in using putty, via ssh, to a server that was recently upgraded to Debian Bookworm. \/var\/log\/auth.log showed: putty log: it turned out that it was a pretty old putty &#8211; 0.74; just upgrading it to a more recent one [ 0.78 at the time of writing ] solved it. 
alternatively i [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[51],"tags":[120],"class_list":["post-3531","post","type-post","status-publish","format-standard","hentry","category-unimportant","tag-bookworm"],"_links":{"self":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/3531","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/comments?post=3531"}],"version-history":[{"count":4,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/3531\/revisions"}],"predecessor-version":[{"id":3535,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/3531\/revisions\/3535"}],"wp:attachment":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/media?parent=3531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/categories?post=3531"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/tags?post=3531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}