{"id":651,"date":"2023-06-19T16:00:00","date_gmt":"2023-06-19T14:00:00","guid":{"rendered":"https:\/\/www.dont-panic.cc\/capi\/?p=651"},"modified":"2023-06-22T09:22:51","modified_gmt":"2023-06-22T07:22:51","slug":"enable-rsa-based-public-keys-for-ssh-when-accessing-legacy-devices","status":"publish","type":"post","link":"https:\/\/www.dont-panic.cc\/capi\/2023\/06\/19\/enable-rsa-based-public-keys-for-ssh-when-accessing-legacy-devices\/","title":{"rendered":"Enable RSA-based public-keys for ssh when accessing legacy devices"},"content":{"rendered":"\n

When accessing old devices that are not yet using modern encryption algorithms, current Ubuntu installations might reject connection due to the signature algorithm for the public keys being disabled, e.g.<\/p>\n\n\n\n

sign_and_send_pubkey: no mutual signature supported<\/code><\/pre>\n\n\n\n
You can enable this on a per-command level by adding the following option to your SSH command line:<\/p>\n\n\n\n
ssh -o PubkeyAcceptedKeyTypes=+ssh-rsa ...<\/code><\/pre>\n\n\n\n
As an alternative you can add this permanently for a host by adding it to the host’s configuration in your $HOME\/.ssh\/config<\/code>:<\/p>\n\n\n\n
Host myhost\n  PubkeyAcceptedKeyTypes +ssh-rsa<\/code><\/pre>\n\n\n\n
This also works for other key types like ssh-dss<\/code>. <\/p>\n\n\n\n
Note:<\/span><\/strong> In general you only should do this if you access legacy devices where you have no possibility to upgrade to state-of-the-art encryption algorithms. Those algorithms got deprecated for a reason. Therefore always do this on a per-command or per-target-host level instead of blindly enabling those algorithms in your global SSH config.<\/p>\n","protected":false},"excerpt":{"rendered":"
When accessing old devices that are not yet using modern encryption algorithms, current Ubuntu installations might reject connection due to the signature algorithm for the public keys being disabled, e.g. You can enable this on a per-command level by adding the following option to your SSH command line: As an alternative you can add this … Continue reading “Enable RSA-based public-keys for ssh when accessing legacy devices”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,7,10],"tags":[227,244],"class_list":["post-651","post","type-post","status-publish","format-standard","hentry","category-computer","category-security","category-sysadmin","tag-security","tag-ssh"],"_links":{"self":[{"href":"https:\/\/www.dont-panic.cc\/capi\/wp-json\/wp\/v2\/posts\/651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dont-panic.cc\/capi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dont-panic.cc\/capi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dont-panic.cc\/capi\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dont-panic.cc\/capi\/wp-json\/wp\/v2\/comments?post=651"}],"version-history":[{"count":2,"href":"https:\/\/www.dont-panic.cc\/capi\/wp-json\/wp\/v2\/posts\/651\/revisions"}],"predecessor-version":[{"id":656,"href":"https:\/\/www.dont-panic.cc\/capi\/wp-json\/wp\/v2\/posts\/651\/revisions\/656"}],"wp:attachment":[{"href":"https:\/\/www.dont-panic.cc\/capi\/wp-json\/wp\/v2\/media?parent=651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dont-panic.cc\/capi\/wp-json\/wp\/v2\/categories?post=651"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dont-panic.cc\/capi\/wp-json\/wp\/v2\/tags?post=651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}