How To Enable Legacy Key Type Support in SSH 7

Posted December 9th, 2016 at 12:00:40pm

Recently I had to launch an Ubuntu instance in AWS because I needed to run alien to convert a .rpm into a .deb package.

When I added my SSH keys as usual, I found I was still unable to log in. This is the error from the /var/log/auth.log file:

Dec 9 16:47:55 localhost sshd[1550]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]

A little research showed that ssh-dss keys are no longer supported by default in OpenSSH 7.0 and above.

Of course, the best thing to do would be to generate and use new keys with rsa, ecdsa or ed25519. RSA keys will give you the greatest portability while ed25519 is the most secure but requires more recent versions of ssh and sshd.

If you are stuck with DSA keys, you can re-enable support by adding the following line to /etc/ssh/sshd_config:

PubkeyAcceptedKeyTypes=+ssh-dss
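
Before re-enabling ssh-dss, it helps to know which authorized_keys entries still depend on it so they can be replaced. The script below is an added example, not part of the original post; the function names find_dss_keys and sample_authorized_keys are hypothetical, and the sample entries are constructed with placeholder key blobs.

```shell
#!/bin/sh
# Added example (not from the original post): list ssh-dss entries in an
# authorized_keys file so they can be replaced with rsa, ecdsa or ed25519 keys.

# Constructed sample input; the key blobs are placeholders, not real keys.
sample_authorized_keys() {
    cat <<'EOF'
# constructed sample authorized_keys
ssh-rsa AAAA_PLACEHOLDER_RSA alice@laptop
ssh-dss AAAA_PLACEHOLDER_DSA bob@oldbox
command="echo ssh-dss disabled",no-pty ssh-ed25519 AAAA_PLACEHOLDER_ED deploy@ci
from="192.0.2.10" ssh-dss AAAA_PLACEHOLDER_DSA backup@nas
EOF
}

# find_dss_keys [FILE]
# Prints "LINE<TAB>COMMENT" for each ssh-dss key; reads stdin if no FILE given.
find_dss_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            line = $0
            # Remove quoted option values (command="...", from="...") so a
            # key type name inside a quoted string is not taken as the key type.
            gsub(/"([^"\\]|\\.)*"/, "", line)
            n = split(line, f, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                # The first token that looks like a key type ends the options.
                if (f[i] ~ /^(ssh-|ecdsa-sha2-|sk-)/) {
                    if (f[i] == "ssh-dss") {
                        c = (i + 2 <= n && f[i + 2] != "") ? f[i + 2] : "(no comment)"
                        printf "%d\t%s\n", NR, c
                    }
                    break
                }
            }
        }
    ' "$@"
}

# Demo on the constructed sample; on a real host pass a path instead,
# e.g. find_dss_keys ~/.ssh/authorized_keys
sample_authorized_keys | find_dss_keys
```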

More information: http://www.openssh.com/legacy.html

Original article: https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
