ubuntu22.04 server SSH key login failed
1. Background introduction
SSH key login is to write the SSH public key into ~/.ssh/authorized_keys
the file .
Today, I installed the ubuntu22.04 system. According to the previous operation, after configuring the SSH public key on the server, I found that I could not log in.
2. Problem location
First check the OpenSSH version:
$ ssh -V
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
Check /var/log/auth.log
the file and find the following error message:
sshd[2648]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
According to the error message, authorized_keys
the SSH public key type filled in the file is ssh-rsa type, which is an unsupported public key type. This limit should be increased in higher versions of SSH.
View supported public key types:
$ sudo sshd -T | egrep "pubkey"
pubkeyauthentication yes
pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
pubkeyauthoptions none
3. Solutions
Know the cause of the problem, the problem is easy to solve.
3.1 Scheme 1
Regenerate the OpenSSH public and private keys using a supported public key type, such as using ed25519
.
Use ssh-keygen
the command to generate ed25519
public and private keys as follows:
$ ssh-keygen -t ed25519 # 默认生成到~/.ssh/ 目录下,默认文件名为:id_ed25519 和 id_ed25519.pub
$ ssh-keygen -t ed25519 -f test # 生成文件到当前目录,文件名为:test 和 test.pub
3.2 Scheme 2
Modify the sshd configuration file /etc/ssh/sshd_config
to pubkeyacceptedalgorithms
support ssh-rsa
the public key type.
Modification method: /etc/ssh/sshd_config
add a line at the end of the filePubkeyAcceptedAlgorithms +ssh-rsa
$ sudo echo "PubkeyAcceptedAlgorithms +ssh-rsa" >> /etc/ssh/sshd_config
$
$ tail /etc/ssh/sshd_config
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
PubkeyAcceptedAlgorithms +ssh-rsa
After modifying /etc/ssh/sshd_config
the configuration file, you need to restart the sshd service, executesudo systemctl restart sshd.service