3

After an upgrade I can no longer log in to my box (FreeBSD 14.0) using an RSA key. I get:

userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms 

in /var/logs/auth.log

on every login attempt via SSH using trusted keys that worked perfectly well pre-update.

1
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. Commented Jan 2, 2024 at 17:23

2 Answers

4

It turns out that with the upgrade of the OS and OpenSSH there is a new setting:

/etc/ssh/sshd_config:

...
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

Adding the accepted algorithm helps after restarting the service. On FreeBSD:

sudo service sshd restart 
1
  • 2
    It's not a "new setting". This key type is deprecated and now disabled by default. You reenabled it. But, keep in mind it was disabled for a reason; consider switching to more recent ECC-based algorithms. Commented Dec 27, 2023 at 15:47
1

On el9 platforms, even if you set PublickeyAuth it will still reject because SHA1 is disabled by default in crypto-policies.

Run this command:

update-crypto-policies --set DEFAULT:SHA1
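
Both answers re-enable SHA-1 based RSA signatures, so it helps to be able to confirm later whether a host still accepts them. The following is an added example, not part of either answer: it reads the effective configuration printed by `sshd -T` and reports whether `ssh-rsa` is in the accepted public-key algorithms. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SHA-1 based RSA signature algorithms in the effective
# sshd configuration. Input is the text printed by `sshd -T`, on stdin.
# rsa-sha2-256 and rsa-sha2-512 use the same RSA keys with SHA-2 and are
# deliberately not flagged.

# Print each SHA-1 based RSA algorithm found in the accepted public-key list.
sha1_pubkey_algs() {
    awk '
        # sshd -T prints keywords in lower case. The option was named
        # pubkeyacceptedkeytypes before it became pubkeyacceptedalgorithms.
        $1 == "pubkeyacceptedalgorithms" || $1 == "pubkeyacceptedkeytypes" {
            n = split($2, algs, ",")
            for (i = 1; i <= n; i++)
                if (algs[i] == "ssh-rsa" || algs[i] == "ssh-rsa-cert-v01@openssh.com")
                    print algs[i]
        }'
}

# Return 0 when no SHA-1 RSA signature algorithm is accepted, 1 otherwise.
audit_sshd() {
    found=$(sha1_pubkey_algs)
    if [ -n "$found" ]; then
        echo "SHA-1 RSA signatures still accepted:" $found
        return 1
    fi
    echo "ok: ssh-rsa (SHA-1) is not accepted"
    return 0
}

# Constructed sample: effective config with the +ssh-rsa override applied.
SAMPLE_WITH_OVERRIDE='port 22
pubkeyauthentication yes
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa'

# Constructed sample: effective config without the override.
SAMPLE_DEFAULT='port 22
pubkeyauthentication yes
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256'

# Demonstration on the constructed sample; never fails the script.
printf '%s\n' "$SAMPLE_WITH_OVERRIDE" | audit_sshd || true
```

On a real host, run it as root with `sshd -T | audit_sshd`.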
