krabs
(Isaac M)
April 18, 2022, 6:54pm
1
As the title says, after a new Fedora 35 install I can’t use any ssh keys. All attempts to use public-private key authentication fail because ‘corresponding algo not in PubkeyAcceptedAlgorithms.’
This is concerning because ssh should be allowed to use the keys that I have when I run ‘ssh -Q PubkeyAcceptedAlgorithms.’ The previous command outputs:
ssh-ed25519
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
It should be able to use my keys since I am trying to use a ssh-ed25519 key and that shows up when I query the accepted algorithms.
This is the reason it gives for rejecting my key when I try to use it:
Skipping ssh-ed25519 key /home/isaac/.ssh/id_ed25519 - corresponding algo not in PubkeyAcceptedAlgorithms
Why is it skipping when it appears to be in the accepted algorithms? Any help would be greatly appreciated. Thank you.
krabs
(Isaac M)
April 18, 2022, 7:09pm
2
Okay so I fixed my issue. I had to write ‘PubkeyAcceptedKeyTypes=+ssh-ed25519’ in ~/.ssh/config. Then my key worked just fine.
3 Likes
This started in Fedora 33, and here is the change request: Changes/StrongCryptoSettings2 - Fedora Project Wiki
If you wanna see the accepted key list, you can check out openssh.config:
/etc/crypto-policies/back-ends/openssh.config
Then check PubkeyAcceptedAlgorithms.
You will see something like this (this one is Fedora 36 atm):
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
I hope this answers your question.
2 Likes
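Added example, not part of the thread: 'ssh -Q PubkeyAcceptedAlgorithms' lists the algorithms the ssh binary supports, while the list a connection actually uses is the configured one, as printed by 'ssh -G <host>' or found in the crypto-policies file mentioned above. The script below reads such configuration text on stdin and reports whether a key of a given type would be skipped; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads client configuration text on stdin,
# e.g. the output of `ssh -G <host>` or the crypto-policies openssh.config file.

# Print the comma-separated value of PubkeyAcceptedAlgorithms (or its older
# alias PubkeyAcceptedKeyTypes). `ssh -G` prints keywords in lowercase.
accepted_algos() {
    awk '{ k = tolower($1) }
         k == "pubkeyacceptedalgorithms" || k == "pubkeyacceptedkeytypes" { print $2; exit }'
}

# Signature algorithms a key can use; the key type is the first field of the
# .pub file. An RSA key is not tied to the SHA-1 "ssh-rsa" signature.
candidate_algos() {
    case "$1" in
        ssh-rsa) echo "rsa-sha2-512 rsa-sha2-256 ssh-rsa" ;;
        *)       echo "$1" ;;
    esac
}

# key_usable KEYTYPE < config-text
# Exit 0: at least one candidate is accepted. 1: the key would be skipped.
# 2: the keyword is not present in the input.
key_usable() (
    set -f                         # keep "*" in list entries from globbing files
    list=$(accepted_algos)
    [ -n "$list" ] || exit 2
    for algo in $(candidate_algos "$1"); do
        IFS=,
        for entry in $list; do
            case "$algo" in $entry) exit 0 ;; esac   # entries may be patterns
        done
    done
    exit 1
)

# Constructed sample: an effective list that lacks ssh-ed25519 and ssh-rsa.
sample_config() {
    printf '%s\n' 'hostname example.invalid' \
        'pubkeyacceptedalgorithms ecdsa-sha2-nistp256,rsa-sha2-256,rsa-sha2-512'
}

for t in ssh-ed25519 ssh-rsa ecdsa-sha2-nistp256; do
    if sample_config | key_usable "$t"; then echo "$t: offered"
    else echo "$t: skipped (not in PubkeyAcceptedAlgorithms)"; fi
done
```

On a real system the input would come from 'ssh -G <host>', and the key type from the first field of the key's .pub file.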