[solved] Re: No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd

To: debian-user@lists.debian.org
Subject: [solved] Re: No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd
From: "Thomas Schmitt" <scdbackup@gmx.net>
Date: Fri, 31 May 2024 22:53:43 +0200
Message-id: <[🔎] 2601831870666755215@scdbackup.webframe.org>
In-reply-to: <[🔎] 2c8e7621-fc38-4a68-8761-9b731d2bc40f@home.arpa>
References: <[🔎] 2c8e7621-fc38-4a68-8761-9b731d2bc40f@home.arpa>

Hi,

the following line in ~/.ssh/config did the trick:

  PubkeyAcceptedAlgorithms +ssh-rsa

This lets ssh -v report:

  debug1: Offering public key: /home/.../.ssh/id_rsa RSA SHA256:...
  debug1: Server accepts key: /home/.../.ssh/id_rsa RSA SHA256:...
  Authenticated to ... ([...]:22) using "publickey".

and leads to a shell session on the Debian 8 machine.

So the mere message
  debug1: Offering public key: /home/.../.ssh/id_rsa RSA SHA256:...
does not mean that RSA would be acceptable on the client side.
It would be nice if the refusal message would be somewhat clearer than
  debug1: send_pubkey_test: no mutual signature algorithm

I wrote:
> > The ssh-rsa key was generated by Debian 10. man ssh-keygen of buster
> > says the default of option -b with RSA was 2048.
> > (Does anybody know how to analyze a key file in regard to such
> > parameters ?)

Michael Kjörling wrote:
> $ ssh-keygen -l -f $pubkeyfile

Says "2048 SHA256:... ...@... (RSA)".
(Now that i know the right option, i can suddenly see it in the man page.)

Have a nice day :)

Thomas

Reply to:

References:
- Re: No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd
  - From: Michael Kjörling <2695bd53d63c@ewoof.net>

Prev by Date: Re: No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd
Next by Date: Re: After upgrade, what do you do about "removed" and "obsolete" packages ?
Previous by thread: Re: No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd
Next by thread: Re: No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd
Index(es):
- Date
- Thread