Skip to Content

userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms

518  Nesvin KN March 3, 2023  Common Errors & Troubleshooting

ssh jump server

userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms

1. Login to server and tail /var/log/secure to check errors. Refer below example.

[email protected] ~]# tail -f /var/log/secure

userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms

2. Find which key type is used in the server by running the below command.

[email protected] ~]# ssh-keygen -l -f /usr/local/etc/ezlogin/id_key.pub
4096 SHA256:n4lmX53/gwkKB4+nSQ30hZXxXK+DRG1LPc7N1KN/1Ag ezlogin (RSA)

    In the above example, the RSA key type is used.

3. Run the following command to see which all key types are enabled on the server.

[email protected] ~]# sshd -T | grep -i key

pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256

4. Open /etc/ssh/sshd_config and append the below line to enable ssh-rsa.

[email protected] ~]# vim /etc/ssh/sshd_config

PubkeyAcceptedKeyTypes +ssh-rsa

[email protected] ~]# systemctl restart sshd

5. Re-run the below command and confirm that ssh-rsa has been enabled.

[email protected] ~]# sshd -T | grep -i key

pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa

6. Try to modify the user now and confirm it's working fine.

How to view the list of KEX and Keys in the Linux server?

  • How to list keys in the Linux server?

[email protected] ~]# ssh -Q key

ssh-ed25519
[email protected]
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

  • How to list KEX in the Linux server?

[email protected] ~]# ssh -Q kex

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
[email protected]

Related Articles
Rating: 5 (1 Votes)