Troubleshooting
Problem
In future releases of OpenSSH, ssh-rsa host key algorithm will be turned off by default, taking out RSA keys out of the scene.
Symptom
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/obl/.ssh/id_rsa RSA SHA256:REEGRD03GiHfD6SQwhYQSZeQnI/56QaTfgjq3fgspjw
debug1: send_pubkey_test: no mutual signature algorithm
Cause
- They depend on weak host key algorithm SHA-1.
- Relatively short key length of 1024 bits.
Resolving The Problem
HostKeyAlgorithms +rsa-sha2-256,rsa-sha2-512
# ssh -oHostKeyAlgorithms=+rsa-sha2-256,rsa-sha2-512 user@host
UpdateHostKeys yes
- sshd_config file on SSH target:
HostKeyAlgorithms rsa-sha2-256,rsa-sha2-512,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
- ssh_config file on SSH source:
PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
SUPPORT |
If the instructions in this document do not lead to resolution of the problem, follow these instructions to open a case. The product must be under warranty or have an active and valid support contract. a. Document or take screen captures of all symptoms, errors, or messages. b. Capture any logs or data relevant to the issue. c. Contact IBM to open a case. -For electronic support, visit the IBM Support Community: d. Provide a detailed description of the issue and reference this technote. e. Upload all of the details and data to the case. -You can attach files to the case in the IBM Support Community, or http://www.ibm.com/support/docview.wss?uid=ibm10733581 f. Click here to submit feedback for this document. |
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
29 August 2021
UID
ibm16484905