How To Enable Legacy Key Type Support in SSH 7
Recently I had to launch an Ubuntu instance in AWS because I needed to run alien to convert a .rpm into a .deb package.
When I added my SSH keys as usual, I found I was still unable to log in. This is the error from the /var/log/auth.log file:
Dec 9 16:47:55 localhost sshd[1550]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
A little research showed that ssh-dss keys are no longer supported by default in OpenSSH 7.0 and above.
Of course, the best thing to do would be to generate and use new keys with rsa, ecdsa or ed25519. RSA keys will give you the greatest portability while ed25519 is the most secure but requires more recent versions of ssh and sshd.
If you are stuck with DSA keys, you can re-enable support by adding the following line to /etc/ssh/sshd_config:
PubkeyAcceptedKeyTypes=+ssh-dss
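Before deciding between replacing keys and re-enabling DSA, it helps to know which authorized_keys entries are actually ssh-dss. The script below is an added example, not part of the original post; the function names and the sample entries (with placeholder key blobs) are constructed for illustration.

```shell
#!/bin/sh
# list_key_types FILE: print "<line> <type> <verdict>" for each entry in an
# authorized_keys-style file. "ok" here only means "not DSA".
list_key_types() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            type = "unparsed"
            # Options (command="...", from="...") may precede the key type and
            # may contain spaces, so find the first "<type> AAAA..." pair
            # instead of trusting field 1.
            for (i = 1; i < NF; i++) {
                if ($i ~ /^(ssh|ecdsa|sk)-[A-Za-z0-9@.-]+$/ && $(i + 1) ~ /^AAAA/) {
                    type = $i
                    break
                }
            }
            verdict = (type == "ssh-dss") ? "legacy-dsa" : "ok"
            if (type == "unparsed") verdict = "check-manually"
            print NR, type, verdict
        }
    ' "$1"
}

# count_dsa_keys FILE: number of ssh-dss entries that sshd 7.0+ rejects by default.
count_dsa_keys() {
    list_key_types "$1" | awk '$2 == "ssh-dss" { n++ } END { print n + 0 }'
}

# make_sample FILE: write constructed entries; the blobs are placeholders, not real keys.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBplaceholder alice@old-laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADplaceholder bob@workstation
command="/usr/bin/rsync --server" ssh-dss AAAAB3NzaC1kc3MAAACBplaceholder backup job
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIplaceholder carol@laptop
EOF
}

# Run against a file given on the command line, e.g. ~/.ssh/authorized_keys.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    list_key_types "$1"
fi
```

Each line reported as legacy-dsa is a key that will produce the auth.log error shown above until it is replaced or ssh-dss is re-enabled.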
More information: http://www.openssh.com/legacy.html
Original article: https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html