Code: Select all
debug1: Offering public key: /home/my_user/.ssh/id_rsa RSA SHA256:2******************************Y agent
debug1: send_pubkey_test: no mutual signature algorithm
send_pubkey_test: no mutual signature algorithm
Hello, I just upgraded my OS from Ubuntu 20.04 LTS to 22.04 LTS. Now I cannot login to my ROS 7.2.1 devices using an ssh agent. If I try this from any 20.04 OS (or Windows 10 + Putty), then it works. I have tried to connect with "-vvvv" option and this is what I see in the debug log:
What is causing this problem, and how can I fix it?
Re: send_pubkey_test: no mutual signature algorithm
Newer linux distributions are depreciating some older host key and key exchange algorithms. They are still supported by ssh clients, but disabled by default. You can enable them by adding this to ${HOME}/.ssh/config (create file if it doesn't exist already):
And keep your RSA key handy, ROS ssh (still) doesn't support newer ecdsa and ed25519 key types.
Code: Select all
host <router name or IP address>
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-dss
And keep your RSA key handy, ROS ssh (still) doesn't support newer ecdsa and ed25519 key types.
Re: send_pubkey_test: no mutual signature algorithm
Added this into ~/.ssh/config
But I still see this:
Ssh client is on Ubuntu 22.04 LTS, package versions:
* libssh-4/jammy,now 0.9.6-2build1
* libssh-gcrypt-4/jammy,now 0.9.6-2build1
* libssh2-1/jammy,now 1.10.0-3
* openssh-client/jammy,now 1:8.9p1-3
* ssh-import-id/jammy,jammy,now 5.11-0ubuntu1
Code: Select all
host r01.eger.magnet
hostname r01.eger.magnet
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-dss
Code: Select all
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:2****************************Y agent
debug1: send_pubkey_test: no mutual signature algorithm
* libssh-4/jammy,now 0.9.6-2build1
* libssh-gcrypt-4/jammy,now 0.9.6-2build1
* libssh2-1/jammy,now 1.10.0-3
* openssh-client/jammy,now 1:8.9p1-3
* ssh-import-id/jammy,jammy,now 5.11-0ubuntu1
Re: send_pubkey_test: no mutual signature algorithm [SOLVED]
Ignore the options above... What you need is:
Code: Select all
PubkeyAcceptedAlgorithms +ssh-rsaRe: send_pubkey_test: no mutual signature algorithm
Gosh ... this is a new one. A thing to remember.
Re: send_pubkey_test: no mutual signature algorithm
And please complain to support...
The earlier we may have support for ed25519 keys.
The earlier we may have support for ed25519 keys.
Re: send_pubkey_test: no mutual signature algorithm
Thanks, it works!
This is all I needed
This is all I needed
Code: Select all
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-dss
PubkeyAcceptedAlgorithms +ssh-rsa
Re: send_pubkey_test: no mutual signature algorithm
Just the last line should be sufficient. The others enable legacy things you do not want.
Re: send_pubkey_test: no mutual signature algorithm
Thanks, that worked quite well.
Code: Select all
Match host 192.168.1.1,vpn.darkdragon.lan
PubkeyAcceptedAlgorithms +ssh-rsaRe: send_pubkey_test: no mutual signature algorithm
Ignore the options above... What you need is:
Code: Select allPubkeyAcceptedAlgorithms +ssh-rsa
Just wanted to say thank you!! This saved me a considerable amount of time.
-
-
TerminalAddict
just joined
- Posts: 12
- Joined:
- Location: Hamilton, New Zealand
- Contact:
Re: send_pubkey_test: no mutual signature algorithm
not working for me after updating to jammy
Code: Select all
Host gulp
Hostname gulp.bach.redacted.com
Port 22
User paul
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-dss
PubkeyAcceptedAlgorithms +ssh-rsaRe: send_pubkey_test: no mutual signature algorithm
In my case, a new Ubuntu 22.04 server I migrated to wouldn't use the identity file even though I was using the proper syntax. The -vv switch argument on the SSH command showed that the signature algorithm wasn't being accepted. Create a new file in /etc/ssh/ssh_config.d, call it anything.conf, and as previously suggested add this one line: PubkeyAcceptedAlgorithms +ssh-rsa
It's also possible to test this directly in your SSH command before creating the file by adding -o PubkeyAcceptedKeyTypes=+ssh-rsa as an additional option. Worked for me.
It's also possible to test this directly in your SSH command before creating the file by adding -o PubkeyAcceptedKeyTypes=+ssh-rsa as an additional option. Worked for me.
Re: send_pubkey_test: no mutual signature algorithm
Same issue. Thanks @nagylzs for creating this topic and thanks to @eworm for sharing the solution. @mt99 That's a nice tip too!
Here's the one-liner that I did to automate it in Ubuntu 22.04 and in future Ubuntu versions...
No need to restart SSH, as it is a client side configuration.
Here's the one-liner that I did to automate it in Ubuntu 22.04 and in future Ubuntu versions...
Code: Select all
echo "PubkeyAcceptedAlgorithms +ssh-rsa" | sudo tee /etc/ssh/ssh_config.d/rsa-support.confRe: send_pubkey_test: no mutual signature algorithm
As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:
So you could create a new key with this:*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
Code: Select all
ssh-keygen -t ed25519 -b 4096Re: send_pubkey_test: no mutual signature algorithm
Wrong:
as highlited: Ed25519 is currently only supported for key exchange. Which doesn't mean that Ed25519 public/private keys are supported (they still are not).
As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:*) ssh - added support for Ed25519 key exchange;
as highlited: Ed25519 is currently only supported for key exchange. Which doesn't mean that Ed25519 public/private keys are supported (they still are not).
Re: send_pubkey_test: no mutual signature algorithm
As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:
That is not true. I did not write that.
To date only ed25519 key exchange is supported. Let's hope we will see support for host keys and public key authentication soon.
Re: send_pubkey_test: no mutual signature algorithm
You're right, I missunderstood your comments, let's see if they add the ed25519 for authentication soon...As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:
That is not true. I did not write that.
To date only ed25519 key exchange is supported. Let's hope we will see support for host keys and public key authentication soon.
Re: send_pubkey_test: no mutual signature algorithm
Update on the topic. Today I upgraded my ssh client and these cannot be used anymore:
It results in:
It seems to be working with `KexAlgorithms +diffie-hellman-group1-sha1` alone on routeros 7.15 but I'm not sure about older versions.
Code: Select all
HostKeyAlgorithms +ssh-dss
PubkeyAcceptedAlgorithms +ssh-rsa
Code: Select all
/home/user/.ssh/config line 6: Bad key types '+ssh-dss'.
/home/user/.ssh/config: terminating, 1 bad configuration options
Re: send_pubkey_test: no mutual signature algorithm
ThanksNewer linux distributions are depreciating ...