Skip to main content
The 2024 Developer Survey results are live! See the results
Super User

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

9
  • What is the 'size' (bits in modulus) of your key? If you are using very recent OpenSSH (>=9.1) check if it is configured (in ~/.ssh/config or /etc/ssh/ssh_config or similar, or with a wrapping script or alias) to have option RequiredRSASize (in any case, but that's canonical) set too high for your key.
    – dave_thompson_085
    Commented Jun 25, 2023 at 3:16
  • @dave_thompson_085 I use openssh 8.8p1 without RA keysize restriction and according to : openssl rsa -in privat.pem -text -noout 'Private-Key: (2047 bit, 2 primes) But I don't get it why it is working with putty - on Win10 and on Fedora- and not with openssh client
    – János Geringer
    Commented Jun 25, 2023 at 20:45
  • I don't understand either; 2047 bit should be valid. Assuming id_rsa is the same as privat.pem -- did you confirm that?
    – dave_thompson_085
    Commented Jun 27, 2023 at 6:32
  • @dave_thompson_085 Yes. In fact, I've tried to specify it with 'ssh -i' as well. Odd is, if I generate a new key on my Fedora and copy the new public key to the target it works. But I guess, I confirmed it's an ssh client issue on Fedora as I've tried it from another laptop with Wim10 and MobaXterm IT WORKS. I also tried it from a CoreELEC Linux box CoreELEC:~ # ssh -V OpenSSH_9.2p1, OpenSSL 3.0.8 7 Feb 2023 and work from there as well. But I still don't know what could be the problem with 8.8.p1 as I 'm using with default config.
    – János Geringer
    Commented Jun 28, 2023 at 9:19
  • Gack! I didn't notice Fedora! Is your putty from the Fedora packagers or elsewhere? RHEL 8 up and Fedora I-don't-know-exactly-which have systemwide crypto policies that apply to most if not all distro packages and it appears now rejects RSA<2048 by default. If you run openssl genrsa 2047 does it generate a key and does that key work in OpenSSH?
    – dave_thompson_085
    Commented Jun 28, 2023 at 11:56