After the last upgrade I was not able to login in to my machine remotely using ssh.
Password authentication is disabled in the sshd_config file and I use keys to authenticate.
After this upgrade authentication did not work and there was the following error in the ssh log
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Do you have any
After reading this post in the Digital Ocean blog I added the following to my sshd_config and it now works
No, but I have just looked at the Openssh 8.8 release notes and found the following: “This release disables RSA signatures using the SHA-1 hash algorithm
Perhaps I need to update my keys. I generated them using Puttygen so I suspect this could affect a lot of people.
Thank you for your feed-back!
Incorporated into the Known problems wiki of the current update.
As this key type has been deemed to be not secure enough anymore it might be worth adding to the wiki a suggestion to change key types so as to keep the login process secure.
I just removed the line I added to sshd_config and recreated my keys using ED25519 and can now login again.
just a few thoughts:
ssh-rsa is not
SHA1 and it does not use
rsa is not unsafe per se:
- “short” keys could be broken with technology available today
- “long” keys are reasonably safe
ed25519 is considered as of similar difficulty as an
rsa key of ~3000 bits length, see http://ed25519.cr.yp.to/
edit: I’ve updated the wiki post.
That’s already in the wiki, first item here
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.
Hi, after the update I have been unable to access my remote git repository using ssh. Tried regenerating the keys, didn’t work. It seems like ssh can’t see the key file after the update, doesn’t even ask for the passphrase. This is the error:
Unable to negotiate with 188.8.131.52 port 22: no matching host key type found. Their offer: ssh-rsa fatal: Could not read from remote repository.
I used Timeshift to revert to a backup before the update, and everything works normally.
Does anyone know what could be causing this issue?
shh config file:
An update regarding git over ssh:
Generating new keys is most likely not an option at this moment. Hosts are currently only supporting
ssh-rsa and according to Atlassian, they are working on
ed25519 will most likely not be supported anytime soon.
For a temporary workaround, only adding
PubkeyAcceptedAlgorithms +ssh-rsa is not enough,
HostkeyAlgorithms +ssh-rsa is also required.
Atlassian post: OpenSSH 8.8 client incompatibility and workaround - Atlassian Community
At the moment of writing, I know that Azure and Bitbucket git repositories have this problem, not sure about other hosts
~/.ssh/config that worked for me:
My solution was creating
~/.ssh/config like this this:
Issue opening the KDEConnect created Device filesystem in Dolphin (KDE) for my cell… multiple notifications triggered saying
Error when accessing filesystem. sshfs finished with exit code 1
Found temp solution (work around) @ [SOLVED] kdeconnect no longer exposes filesystem on android phone / Newbie Corner / Arch Linux Forums
According to what I read, the
openssh 8.8p1-1 installed with this update release is involved with the issue, and was worked around by downgrading to the previous
openssh 8.7p1-2 with the following command (assumes you are locally caching previous package versions via pamac)…
$ sudo pacman -U /var/cache/pacman/pkg/openssh-8.7p1-2-x86_64.pkg.tar.zst
The issue eventually needs to be addessed by KDEConnect and is recorded/tracked @ 443155 – kdeconnect breaks when openssh is upgraded to version 8.8p1-1
One of the contributors there mentioned that (I assume related to
“This release disables RSA signatures using the SHA-1 hash algorithm by default.”
So this suggests that an alternative “work around” may be to follow the Lazy Solution found in the
Unable to login in remotely using ssh using rsa keys known issue for this update (which I have not tried)… as I assume the “Good Solution” can only be found in an updated version of KDEConnect.
EDIT: My issue was resolved by the newly released
KDEConnect 21.08.2-1 and
sshfs 3.7.2-2 (Pahvo 21.1.6 release) which are all playing together nicely with