Resolving SSH Permission Denied Errors Due to OpenSSH Version Vulnerabilities

#howto #webdev #ssh

If you have encountered errors while using SSH, such as the ones below:

Example 1:

foo@12.34.56.789: Permission denied (publickey).

Example 2:

sign_and_send_pubkey: no mutual signature supported
foo@12.34.56.789: Permission denied (publickey).

It's possible that you may be using an older version of OpenSSH on your server that is vulnerable to the SHA-1 algorithm, which was disabled in OpenSSH version 8.8 (2021-09-26). If you're certain that you've correctly added the public key to your server, this could be the cause of the error messages.

To determine your local OpenSSH version, enter the following command:

ssh -vv local

The result should look like this:

To resolve the issue, add PubkeyAcceptedKeyTypes +ssh-rsa to your Host entry in the ~/.ssh/config file. It should look like this:

Host fooServer
PubkeyAcceptedKeyTypes +ssh-rsa
Hostname 12.34.56.789
User forge
IdentityFile=~/.ssh/id_rsa

After making these changes, try again and the issue should be resolved.

Hands-on debugging session: instrument, monitor, and fix

Join Lazar for a hands-on session where you’ll build it, break it, debug it, and fix it. You’ll set up Sentry, track errors, use Session Replay and Tracing, and leverage some good ol’ AI to find and fix issues fast.

RSVP here →