nagylzs
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

send_pubkey_test: no mutual signature algorithm

Mon May 02, 2022 5:03 pm

Hello, I just upgraded my OS from Ubuntu 20.04 LTS to 22.04 LTS. Now I cannot log in to my ROS 7.2.1 devices using an ssh agent. If I try this from any 20.04 OS (or Windows 10 + PuTTY), then it works. I have tried to connect with the "-vvvv" option and this is what I see in the debug log:
debug1: Offering public key: /home/my_user/.ssh/id_rsa RSA SHA256:2******************************Y agent
debug1: send_pubkey_test: no mutual signature algorithm
What is causing this problem, and how can I fix it?
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: send_pubkey_test: no mutual signature algorithm

Mon May 02, 2022 8:22 pm

Newer Linux distributions are deprecating some older host key and key exchange algorithms. They are still supported by ssh clients, but disabled by default. You can enable them by adding this to ${HOME}/.ssh/config (create the file if it doesn't exist already):

host <router name or IP address>
        KexAlgorithms +diffie-hellman-group1-sha1
        HostKeyAlgorithms +ssh-dss

And keep your RSA key handy, ROS ssh (still) doesn't support newer ecdsa and ed25519 key types.
 
nagylzs
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: send_pubkey_test: no mutual signature algorithm

Wed May 04, 2022 10:47 am

Thank you
 
nagylzs
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: send_pubkey_test: no mutual signature algorithm

Mon May 09, 2022 1:06 pm

Added this into ~/.ssh/config
host r01.eger.magnet
    hostname r01.eger.magnet
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms +ssh-dss
But I still see this:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:2****************************Y agent
debug1: send_pubkey_test: no mutual signature algorithm
Ssh client is on Ubuntu 22.04 LTS, package versions:

* libssh-4/jammy,now 0.9.6-2build1
* libssh-gcrypt-4/jammy,now 0.9.6-2build1
* libssh2-1/jammy,now 1.10.0-3
* openssh-client/jammy,now 1:8.9p1-3
* ssh-import-id/jammy,jammy,now 5.11-0ubuntu1
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: send_pubkey_test: no mutual signature algorithm  [SOLVED]

Mon May 09, 2022 6:04 pm

Ignore the options above... What you need is:
PubkeyAcceptedAlgorithms +ssh-rsa
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: send_pubkey_test: no mutual signature algorithm

Mon May 09, 2022 6:08 pm

Gosh ... this is a new one. A thing to remember.
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: send_pubkey_test: no mutual signature algorithm

Mon May 09, 2022 6:10 pm

And please complain to support...
The earlier we may have support for ed25519 keys. 😜
 
nagylzs
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: send_pubkey_test: no mutual signature algorithm

Thu May 12, 2022 10:48 am

Thanks, it works!

This is all I needed
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-dss
PubkeyAcceptedAlgorithms +ssh-rsa
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: send_pubkey_test: no mutual signature algorithm

Thu May 12, 2022 5:08 pm

Just the last line should be sufficient. The others enable legacy things you do not want.
 
AnrDaemon
just joined
Posts: 8
Joined: Mon Jul 27, 2020 2:51 pm

Re: send_pubkey_test: no mutual signature algorithm

Tue May 31, 2022 3:52 pm

Thanks, that worked quite well.
Match host 192.168.1.1,vpn.darkdragon.lan
  PubkeyAcceptedAlgorithms +ssh-rsa
 
ej2pi
just joined
Posts: 1
Joined: Tue Dec 07, 2021 6:43 pm

Re: send_pubkey_test: no mutual signature algorithm

Mon Jul 11, 2022 4:47 am

> Ignore the options above... What you need is:
> PubkeyAcceptedAlgorithms +ssh-rsa

Just wanted to say thank you!! This saved me a considerable amount of time.
 
TerminalAddict
just joined
Posts: 12
Joined: Wed May 25, 2016 6:46 am
Location: Hamilton, New Zealand

Re: send_pubkey_test: no mutual signature algorithm

Wed Aug 24, 2022 11:44 am

not working for me after updating to jammy
Host gulp
        Hostname gulp.bach.redacted.com
        Port 22
        User paul
        KexAlgorithms +diffie-hellman-group1-sha1
        HostKeyAlgorithms +ssh-dss
        PubkeyAcceptedAlgorithms +ssh-rsa
 
mt99
newbie
Posts: 43
Joined: Wed Jan 03, 2018 6:07 pm

Re: send_pubkey_test: no mutual signature algorithm

Sun Sep 18, 2022 7:19 am

In my case, a new Ubuntu 22.04 server I migrated to wouldn't use the identity file even though I was using the proper syntax. The -vv switch argument on the SSH command showed that the signature algorithm wasn't being accepted. Create a new file in /etc/ssh/ssh_config.d, call it anything.conf, and as previously suggested add this one line: PubkeyAcceptedAlgorithms +ssh-rsa

It's also possible to test this directly in your SSH command before creating the file by adding -o PubkeyAcceptedKeyTypes=+ssh-rsa as an additional option. Worked for me.
 
pothi
newbie
Posts: 46
Joined: Fri Sep 14, 2018 7:48 pm
Location: Srivilliputhur, Tamil Nadu, India

Re: send_pubkey_test: no mutual signature algorithm

Sun Dec 04, 2022 6:13 am

Same issue. Thanks @nagylzs for creating this topic and thanks to @eworm for sharing the solution. @mt99 That's a nice tip too!


Here's the one-liner that I did to automate it in Ubuntu 22.04 and in future Ubuntu versions...
echo "PubkeyAcceptedAlgorithms +ssh-rsa" | sudo tee /etc/ssh/ssh_config.d/rsa-support.conf
No need to restart SSH, as it is a client side configuration.
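
Added example (not part of any post in this thread): a small Python audit that applies eworm's advice above to client-side ssh_config text, reporting each legacy algorithm that is re-enabled, whether the setting is global or scoped to a Host/Match block, and what to do about it. The function name, advice strings and sample config are constructed for illustration.

```python
import re

# Legacy algorithms named in this thread, keyed by lower-cased ssh_config keyword.
LEGACY = {
    "kexalgorithms": {"diffie-hellman-group1-sha1"},
    "hostkeyalgorithms": {"ssh-dss"},
    "pubkeyacceptedalgorithms": {"ssh-rsa", "ssh-dss"},
}
ALIASES = {"pubkeyacceptedkeytypes": "pubkeyacceptedalgorithms"}  # older name, kept as alias
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")  # "Keyword value" or "Keyword=value"

def audit(config_text):
    """Return [(scope, keyword, algorithm, advice)] for each legacy algorithm enabled."""
    findings, scope, is_global = [], "global", True
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or "#" comment
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):
            scope = f"{key} {value}"
            is_global = value.lower() in ("*", "all")  # "Host *" / "Match all" hit every host
            continue
        key = ALIASES.get(key, key)
        if key not in LEGACY or value.startswith("-"):
            continue  # a leading "-" removes algorithms rather than enabling them
        for algo in (a.strip() for a in value.lstrip("+^").split(",")):
            if algo not in LEGACY[key]:
                continue
            if (key, algo) != ("pubkeyacceptedalgorithms", "ssh-rsa"):
                advice = "remove: not needed for RSA public key login"
            elif is_global:
                advice = "scope to a Host block for the affected device"
            else:
                advice = "ok: scoped exception"
            findings.append((scope, key, algo, advice))
    return findings

# Constructed sample combining the variants posted in the thread.
SAMPLE = """\
PubkeyAcceptedAlgorithms +ssh-rsa
Host router.example
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms +ssh-dss
    PubkeyAcceptedKeyTypes=+ssh-rsa
"""
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Feed it the contents of ~/.ssh/config or of a file under /etc/ssh/ssh_config.d to see which exceptions apply to every host the client connects to.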
 
aseques
newbie
Posts: 26
Joined: Fri Oct 10, 2014 10:04 am

Re: send_pubkey_test: no mutual signature algorithm

Fri Jan 13, 2023 1:23 pm

As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
So you could create a new key with this:
ssh-keygen -t ed25519 -b 4096
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: send_pubkey_test: no mutual signature algorithm

Fri Jan 13, 2023 2:47 pm

Wrong:
> As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:
> *) ssh - added support for Ed25519 key exchange;

As highlighted: Ed25519 is currently only supported for key exchange. Which doesn't mean that Ed25519 public/private keys are supported (they still are not).
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: send_pubkey_test: no mutual signature algorithm

Fri Jan 13, 2023 7:14 pm

> As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:

That is not true. I did not write that.

To date only ed25519 key exchange is supported. Let's hope we will see support for host keys and public key authentication soon.
 
aseques
newbie
Posts: 26
Joined: Fri Oct 10, 2014 10:04 am

Re: send_pubkey_test: no mutual signature algorithm

Wed Feb 01, 2023 11:49 am

> > As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:
>
> That is not true. I did not write that.
>
> To date only ed25519 key exchange is supported. Let's hope we will see support for host keys and public key authentication soon.

You're right, I misunderstood your comments, let's see if they add the ed25519 for authentication soon...
