I have built a new Ubuntu server in AWS. Now, for some reason, my private key that works on other Ubuntu servers is not working here. The error in auth.log is

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

This is only an issue with PuTTY; if I try logging in via a Linux workstation there are no issues at all with any machine.

The difference I see is the new server is

Ubuntu 22.04.1 LTS running OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022

The working (old) server is

Ubuntu 20.04.4 LTS (Focal Fossa) running OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f 31 Mar 2020

Has something changed in this version of OpenSSH? How do I get PuTTY working again?

4 Answers

58

A simple solution.

Add this line in /etc/ssh/sshd_config.

PubkeyAcceptedAlgorithms +ssh-rsa

Afterwards, restart the sshd service to make the new settings come into effect.

$ sudo systemctl restart sshd
  • This did not work for me. But what did work was upgrading PuTTY from 0.74 to 0.78.
    Commented Dec 21, 2022 at 19:57
  • @user2449151 same for me. Upgrading PuTTY solved the problem on Windows 11.
    – fillobotto
    Commented Jan 18, 2023 at 10:20
  • ssh-rsa has been deprecated and, in fact, disabled by default for security reasons and should be avoided. Use rsa-sha2-256 or rsa-sha2-512 instead.
    – balu
    Commented Apr 13, 2023 at 22:59
  • Note to self: this worked for me too after updating PuTTY.
    – adrianTNT
    Commented Sep 13, 2023 at 21:52
  • One little addition: this line should be written as PubkeyAcceptedAlgorithms=+ssh-rsa
    Commented Nov 7, 2023 at 5:51
27

There are several types of keys and signature algorithms in the SSH protocol. RSA keys, which have the key type ssh-rsa, can be used to sign with SHA-1 (in which case, the signature type is ssh-rsa), SHA-256 (which has signature type rsa-sha2-256), or SHA-512 (which has signature type rsa-sha2-512).

What you're seeing here is that you're connecting with an RSA key and using the ssh-rsa signature type with SHA-1. Unfortunately, SHA-1 is no longer secure, and the server is telling you that it won't accept that signature type. This is the right thing to do, because it avoids any security problems.

You can solve this in a couple of different ways. First, you can simply upgrade PuTTY. The latest version supports the SHA-2 signature algorithms (SHA-256 and SHA-512), and so things should just work. You can also generate a different SSH key, say, an Ed25519 key, which is considered the most recommended option by Mozilla, GitHub, and other reputable parties. Note that PuTTY classes these as EdDSA keys, which is the more generic term; you want the 255 or 256 bit option.

You could also adjust PubkeyAcceptedKeyTypes in /etc/ssh/sshd_config on the server side to include ssh-rsa (you should also include all of the other options in ssh -Q sig as well if you do this). However, this means you're using insecure SHA-1 signatures and thus you probably want to choose one of the other options instead.
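As an added illustration of the server-side option (this is not code from the answer above or from OpenSSH): the following Python audits what sshd will actually accept by implementing the `+`/`-`/`^` list modifiers of PubkeyAcceptedAlgorithms over an assumed default list, and by reading `sshd -T` output, which reports the effective configuration rather than the merely implemented algorithms that `ssh -Q sig` lists. The default list, the sample `sshd -T` output and the function names are assumptions constructed for the example.

```python
import re
from fnmatch import fnmatch

# Assumed default list (a subset of OpenSSH 8.9's defaults); ssh-rsa, the
# SHA-1 signature type, is deliberately absent, as on the asker's new server.
DEFAULT_PUBKEY_ALGS = [
    "ssh-ed25519", "ecdsa-sha2-nistp256", "rsa-sha2-512", "rsa-sha2-256",
]
# sshd accepts 'Keyword value' and 'Keyword=value'; keywords are case-insensitive
# and PubkeyAcceptedKeyTypes is the older spelling of the same option.
_DIRECTIVE = re.compile(
    r"^\s*(?:PubkeyAcceptedAlgorithms|PubkeyAcceptedKeyTypes)(?:\s*=\s*|\s+)(\S+)",
    re.IGNORECASE,
)

def apply_modifier(default, value):
    """Apply one directive value to the default list: '+' appends, '-' removes
    (wildcard patterns allowed), '^' prepends, and a bare list replaces it."""
    items = [a for a in value.lstrip("+-^").split(",") if a]
    if value.startswith("+"):
        return default + [a for a in items if a not in default]
    if value.startswith("-"):
        return [a for a in default if not any(fnmatch(a, p) for p in items)]
    if value.startswith("^"):
        return items + [a for a in default if a not in items]
    return items

def effective_pubkey_algs(config_text, default=DEFAULT_PUBKEY_ALGS):
    """Effective list for an sshd_config text. sshd uses the FIRST value it
    obtains for a keyword, so a line appended at the end of the file loses to
    an earlier one (e.g. from an Include'd drop-in, not expanded here)."""
    for line in config_text.splitlines():
        m = _DIRECTIVE.match(line)
        if m:
            return apply_modifier(list(default), m.group(1))
    return list(default)

def accepts_sha1_rsa(sshd_t_output):
    """True if the effective config dumped by `sshd -T` lists the SHA-1
    signature type 'ssh-rsa' itself; rsa-sha2-* entries do not count."""
    for line in sshd_t_output.splitlines():
        key, _, value = line.partition(" ")
        if key == "pubkeyacceptedalgorithms":
            return "ssh-rsa" in value.split(",")
    return False

# Constructed sample of `sshd -T` output, not captured from a real host.
SAMPLE_SSHD_T = "port 22\npubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256\n"
```

On a real host, feed the actual output of `sudo sshd -T` to accepts_sha1_rsa to confirm whether the line you added took effect, since a directive placed after an earlier one is silently ignored.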

6

From the comments, but not visible enough there, and before making a trade-off with security, it is better to check whether other simple methods work.

Before making any change on the server side, try updating PuTTY to the newest version. In my case, version 0.78 solved the problem, without any changes on the server side or to the keys.

I cannot find the real reason in the PuTTY ChangeLog file.

  • As also stated in the comments in the first answer, the problem is with PuTTY. This is also valid for Debian 12 / openssh-server 9.2p1-2. It is worth noting that the output of ssh -Q PubkeyAcceptedAlgorithms includes ssh-rsa, so it is allowed on the server. The key was not accepted after upgrading from Debian 11 to Debian 12. It works with PuTTY 0.78. Commented Jun 29, 2023 at 9:41
  • @BoyanAlexiev ssh -Q tells you what is implemented, and only on your system (not the server unless you run it on the server). What is allowed is only a subset of what is implemented (which could be allowed if you change the configuration). Commented Oct 26, 2023 at 0:13
  • @dave_thompson_085 The command was run on the server. The original question states that "SSH server gives ... ssh-rsa not in PubkeyAcceptedAlgorithms". The idea was to point out that the issue is not on the server itself, i.e. the message is incorrect. There is no need to change the configuration to allow ssh-rsa. Commented Jan 11 at 7:05
4

Complementing the answers from @bk2204 (RSA now requiring SHA-2) and Giacomo Catenazzi (upgrading PuTTY to version 0.78), the explanation can be found in PuTTY's changelog for version 0.75:

Support for RSA key algorithms using SHA-2 instead of SHA-1.

So PuTTY prior to version 0.75 attempted to use RSA with SHA-1, which is disabled by default on newer OpenSSH versions.
