There are several types of keys and signature algorithms in the SSH protocol. RSA keys, which have the key type ssh-rsa
, can be used to sign with SHA-1 (in which case, the signature type is ssh-rsa
), SHA-256 (which has signature type rsa-sha2-256
), or SHA-512 (which has signature type rsa-sha2-512
).
What you're seeing here is that you're connecting with an RSA key and using the ssh-rsa
signature type with SHA-1. Unfortunately, SHA-1 is no longer secure, and the server is telling you that it won't accept that signature type. This is the right thing to do, because it avoids any security problems.
You can solve this in a couple different ways. First, you can simply upgrade PuTTY. The latest version supports the SHA-2 signature algorithms (SHA-256 and SHA-512), and so things should just work. You can also generate a different SSH key, say, an Ed25519 key, which is considered the most recommended option by Mozilla, GitHub, and other reputable parties. Note that PuTTY classes these as EdDSA keys, which is the more generic term; you want the 255 or 256 bit option.
You could also adjust PubkeyAcceptedKeyTypes
in /etc/ssh/sshd_config
on the server side to include ssh-rsa
(you should also include all of the other options in ssh -Q sig
as well if you do this). However, this means you're using insecure SHA-1 signatures and thus you probably want to choose one of the other options instead.