When I try to authenticate with an RSA SSH key in macOS 13 (Ventura), I get a Permission denied (publickey) error.
However, when I use the same command against macOS 12 (Monterrey), it works correctly.
7 Answers
You need to generate a new set of keys based on a more secure hash algorithm. It is generally recommended to use ed25519 algorithm.
ssh-keygen -t ed25519 -C [email protected]
ssh-add -A
In case you absolutely can't upgrade SSH (support added in OpenSSH 6.4) and you have to use RSA/SHA1 (e.g. the server accepts only RSA/SHA1 and you can't change that), add this snippet to the top of ~/.ssh/config on the client side (create the folder and file if it doesn't exist).
Host your-old-host.example.com
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
It enables RSA/SHA1 both in host key and public key, should solve both this problem and related "no matching host key type found" problem.
-
8This is usually the correct answer, but it doesn't exactly "enable RSA" – it enables RSA/SHA1, for outdated servers that do not support RSA/SHA256. Modern OpenSSH servers support RSA/SHA256 (and the exact same id_rsa keys can be used with both algorithms); unfortunately, if the server accepts only RSA (e.g. appliances) it's almost guaranteed to be old enough to require RSA/SHA1 specifically. Commented Oct 25, 2022 at 12:52
-
1This worked for me (OSX Ventura ssh to an old Ubuntu 14 box) and for clarity - I added this on the client side, and created a new file called config which didn't exist before. I didn't set any special permissions on the file. Commented Nov 3, 2022 at 19:47
-
3Please dont add this to
Host *! This is terrible practice. The real solution is to upgrade the remote server to a version greater than OpenSSH 7.2. If that doesn't work, add it per host IP or in the command line command when connecting. I.E. -ssh -oPubkeyAcceptedAlgorithms=+ssh-rsa {user@host}Commented Nov 7, 2022 at 17:35 -
@Tony-Caffe I've submitted an edit to remove that dangerous advice.– miken32Commented Nov 30, 2022 at 20:53
-
What is dangerous about adding a new pubkey algo to Host *? Please explain as it's only enabling the use of your ssh key on older versions. Additionally HostkeyAlgorithms is not needed at all here for the question posted and is just addressing a random issue this person had. Commented Apr 4, 2023 at 20:07
macOS 13 (Ventura) ships with OpenSSH_9.0p1. According to the OpenSSH release notes:
This release disables RSA signatures using the SHA-1 hash algorithm by default. This change has been made as the SHA-1 hash algorithm is cryptographically broken, and it is possible to create chosen-prefix hash collisions for <USD$50K [1]
A workaround is described in this Reddit thread: SSH in Ventura
Perhaps a better solution is to generate keys based on a more secure hash algorithm. For the time being, I'm switching to ed25519, which can be generated like this:
ssh-keygen -t ed25519 -C "comment"
answered Oct 25, 2022 at 12:34
-
2The best solution would be to upgrade the server's SSH software if possible. Although originally SSHv2 only defined RSA to be used in combination with SHA-1, the RSA keys themselves aren't inherently tied to any specific hash algorithm and will automatically be used with SHA2-256 when both client and server support the new combination (although switching to ed25519 keys is still a good idea). Commented Oct 25, 2022 at 13:01
This solution works for me.
- (Backup ~/.ssh/ folder)
- If your ssh config and private/public keys are in /etc/ssh/ before upgrading the MacOS
- copy ssh_config to ~/.ssh/config
- copy all private/public keys to ~/.ssh/
- Adding the following lines at the end of ~/.ssh/config
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1
Please dont add this to Host *! This is terrible practice. The real solution is to upgrade the remote server to a version greater than OpenSSH 7.2. If that doesn't work, add it per host IP or in the command line command when connecting.
I.E. - ssh -oPubkeyAcceptedAlgorithms=+ssh-rsa {user@host}
You can check your client keys and see if they support SHA256 and if they do, then no new keys are needed at the moment. If it doesnt say SHA256, then toss those keys and get something stronger using ssh-keygen command.
ssh-keygen -l -f .ssh/id_rsa
Add the following to your ~/.ssh/config file
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1
A lot of the answers are just blindly throwing up new config options that aren't needed.
To solve this issue you can run the following command.
$ ssh-keygen -l -f ~/.ssh/id_rsa
3072 SHA256:/redacted /Users/myuser/.ssh/id_rsa.pub (RSA)
Then you can take a look at the supported public keys for your ssh config.
$ ssh -Q PubkeyAcceptedAlgorithms
ssh-ed25519
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
In most cases adding ssh-rsa will work or you can limit it to rsa-sha2-256 as well using the following. The other config people are posting is not needed in almost any case just the following line.
Host *
PubkeyAcceptedAlgorithms +ssh-rsa
In the case that you are using ssh certs however you will want to run the following command on your cert.
$ ssh-keygen -L -f ~/.ssh/id_rsa-cert.pub
/Users/myuser/.ssh/id_rsa-cert.pub:
Type: [email protected] user certificate
Public key: RSA-CERT SHA256:/redacted
Signing CA: RSA SHA256:redacted (using rsa-sha2-256)
Key ID: "something"
Serial: 123
Valid: from 2023-04-04T13:19:10 to 2023-04-05T09:19:40
In this case you will need do add the Type field to the PubkeyAcceptedAlgorithms like so.
Host *
PubkeyAcceptedAlgorithms [email protected]
-
-
@Randall I'm sorry but that answer says nothing about the danger of adding Host * it just says "Hey I think this is dangerous. Trust me!". That is just cargo culting an answer around without an explanation. Sure it's better to specify things but like everything in tech the answer is it depends. In my most peoples case it won't matter and I am really struggling to see how it's dangerous and not just bad practice. Please enlighten me of the actual danger of this. I already know why it's bad practice. Commented Jun 8, 2023 at 16:53
For PIV authentication
Granted, this deviates from the OP's issue with RSA keys.
I got the following error using ssh/PIV authentication after upgrading to Ventura:
Infinite reexec detected; aborting
banner exchange: Connection to UNKNOWN port 65535: Broken pipe
The fix was:
- Remove or comment out the
PKCS11Providerline in your~/.ssh/config - Run the following commands:
ssh-add -e /usr/lib/ssh-keychain.dylib #Note - above command may produce the error: # 'Could not remove card "/usr/lib/ssh-keychain.dylib": agent refused operation' #This can be ignored; the file simply has no items to remove ssh-add -D killall -9 ssh-agent ssh-add -s /usr/lib/ssh-keychain.dylib - You should now be able to ssh
Note: If ssh still fails - The killall should have cleared all cached ssh process/keys/etc. A reboot will definitely clear any cached data that may be interfering.
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss user@old_server