Page 1 of 1
send_pubkey_test: no mutual signature algorithm
Posted: Mon May 02, 2022 5:03 pm
by nagylzs
Hello, I just upgraded my OS from Ubuntu 20.04 LTS to 22.04 LTS. Now I cannot login to my ROS 7.2.1 devices using an ssh agent. If I try this from any 20.04 OS (or Windows 10 + Putty), then it works. I have tried to connect with "-vvvv" option and this is what I see in the debug log:
debug1: Offering public key: /home/my_user/.ssh/id_rsa RSA SHA256:2******************************Y agent
debug1: send_pubkey_test: no mutual signature algorithm
What is causing this problem, and how can I fix it?
Re: send_pubkey_test: no mutual signature algorithm
Posted: Mon May 02, 2022 8:22 pm
by mkx
Newer linux distributions are depreciating some older host key and key exchange algorithms. They are still supported by ssh clients, but disabled by default. You can enable them by adding this to
${HOME}/.ssh/config (create file if it doesn't exist already):
host <router name or IP address>
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-dss
And keep your RSA key handy, ROS ssh (still) doesn't support newer ecdsa and ed25519 key types.
Re: send_pubkey_test: no mutual signature algorithm
Posted: Wed May 04, 2022 10:47 am
by nagylzs
Thank you
Re: send_pubkey_test: no mutual signature algorithm
Posted: Mon May 09, 2022 1:06 pm
by nagylzs
Added this into ~/.ssh/config
host r01.eger.magnet
hostname r01.eger.magnet
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-dss
But I still see this:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:2****************************Y agent
debug1: send_pubkey_test: no mutual signature algorithm
Ssh client is on Ubuntu 22.04 LTS, package versions:
* libssh-4/jammy,now 0.9.6-2build1
* libssh-gcrypt-4/jammy,now 0.9.6-2build1
* libssh2-1/jammy,now 1.10.0-3
* openssh-client/jammy,now 1:8.9p1-3
* ssh-import-id/jammy,jammy,now 5.11-0ubuntu1
Re: send_pubkey_test: no mutual signature algorithm [SOLVED]
Posted: Mon May 09, 2022 6:04 pm
by eworm
Ignore the options above... What you need is:
PubkeyAcceptedAlgorithms +ssh-rsa
Re: send_pubkey_test: no mutual signature algorithm
Posted: Mon May 09, 2022 6:08 pm
by mkx
Gosh ... this is a new one. A thing to remember.
Re: send_pubkey_test: no mutual signature algorithm
Posted: Mon May 09, 2022 6:10 pm
by eworm
And please complain to support...
The earlier we may have support for ed25519 keys.
Re: send_pubkey_test: no mutual signature algorithm
Posted: Thu May 12, 2022 10:48 am
by nagylzs
Thanks, it works!
This is all I needed
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-dss
PubkeyAcceptedAlgorithms +ssh-rsa
Re: send_pubkey_test: no mutual signature algorithm
Posted: Thu May 12, 2022 5:08 pm
by eworm
Just the last line should be sufficient. The others enable legacy things you do not want.
Re: send_pubkey_test: no mutual signature algorithm
Posted: Tue May 31, 2022 3:52 pm
by AnrDaemon
Thanks, that worked quite well.
Match host 192.168.1.1,vpn.darkdragon.lan
PubkeyAcceptedAlgorithms +ssh-rsa
Re: send_pubkey_test: no mutual signature algorithm
Posted: Mon Jul 11, 2022 4:47 am
by ej2pi
Ignore the options above... What you need is:
PubkeyAcceptedAlgorithms +ssh-rsa
Just wanted to say thank you!! This saved me a considerable amount of time.
Re: send_pubkey_test: no mutual signature algorithm
Posted: Wed Aug 24, 2022 11:44 am
by TerminalAddict
not working for me after updating to jammy
Host gulp
Hostname gulp.bach.redacted.com
Port 22
User paul
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-dss
PubkeyAcceptedAlgorithms +ssh-rsa
Re: send_pubkey_test: no mutual signature algorithm
Posted: Sun Sep 18, 2022 7:19 am
by mt99
In my case, a new Ubuntu 22.04 server I migrated to wouldn't use the identity file even though I was using the proper syntax. The -vv switch argument on the SSH command showed that the signature algorithm wasn't being accepted. Create a new file in /etc/ssh/ssh_config.d, call it anything.conf, and as previously suggested add this one line: PubkeyAcceptedAlgorithms +ssh-rsa
It's also possible to test this directly in your SSH command before creating the file by adding -o PubkeyAcceptedKeyTypes=+ssh-rsa as an additional option. Worked for me.
Re: send_pubkey_test: no mutual signature algorithm
Posted: Sun Dec 04, 2022 6:13 am
by pothi
Same issue. Thanks @nagylzs for creating this topic and thanks to @eworm for sharing the solution. @mt99 That's a nice tip too!
Here's the one-liner that I did to automate it in Ubuntu 22.04 and in future Ubuntu versions...
echo "PubkeyAcceptedAlgorithms +ssh-rsa" | sudo tee /etc/ssh/ssh_config.d/rsa-support.conf
No need to restart SSH, as it is a client side configuration.
Re: send_pubkey_test: no mutual signature algorithm
Posted: Fri Jan 13, 2023 1:23 pm
by aseques
As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
So you could create a new key with this:
ssh-keygen -t ed25519 -b 4096
Re: send_pubkey_test: no mutual signature algorithm
Posted: Fri Jan 13, 2023 2:47 pm
by mkx
Wrong:
As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:
*) ssh - added support for Ed25519 key exchange;
as highlited: Ed25519 is currently only supported for key exchange. Which doesn't mean that Ed25519 public/private keys are supported (they still are not).
Re: send_pubkey_test: no mutual signature algorithm
Posted: Fri Jan 13, 2023 7:14 pm
by eworm
As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:
That is not true. I did not write that.
To date only ed25519
key exchange is supported. Let's
hope we will see support for host keys and public key authentication soon.
Re: send_pubkey_test: no mutual signature algorithm
Posted: Wed Feb 01, 2023 11:49 am
by aseques
As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:
That is not true. I did not write that.
To date only ed25519
key exchange is supported. Let's
hope we will see support for host keys and public key authentication soon.
You're right, I missunderstood your comments, let's see if they add the ed25519 for authentication soon...
