Re: id_dsa - not in PubkeyAcceptedKeyTypes

[Pierre Frenkiel <pierre.frenkiel@gmail.com>]

On Wed, 17 Jul 2019, Stephan Seitz wrote:

> According to the buster manpage of sshd_config:
>
> PubkeyAcceptedKeyTypes
>      Specifies the key types that will be accepted for public key 
> authentication as a list of comma-separated patterns. Alternately       if the 
> specified value begins with a + character, then the       specified key 
> types will be appended to the default set instead of       replacing them. If 
> the specified value begins with a -       character, then the specified key 
> types (including wildcards) will       be removed from the default set instead 
> of re
>      placing them. The default for this option is:
>
> 	  ecdsa-sha2-nistp256-cert-v01@openssh.com,
> 	  ecdsa-sha2-nistp384-cert-v01@openssh.com,
> 	  ecdsa-sha2-nistp521-cert-v01@openssh.com,
> 	  ssh-ed25519-cert-v01@openssh.com,
> 	  rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
> 	  ssh-rsa-cert-v01@openssh.com,
> 	  ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
> 	  ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

  thanks, but I've still 2 questions:

  1/ why something which worked yesterday doesn't work today?
  2/ what would be the recommended key in this long list?

best regards,
--
Pierre Frenkiel