• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

After 2.4 upgrade: SSH PubkeyAuth does not working

Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
3 Posts 2 Posters 1.7k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    sensemann
    last edited by Oct 21, 2017, 7:52 AM

    Hello,

    after upgrading to 2.4 I cant login with ssh:

    Oct 21 08:30:26 sshd 67507 Disconnected from XXX port 52538 [preauth]
    Oct 21 08:30:26 sshd 67507 error: Received disconnect from XXX port 52538:14: No supported authentication methods available [preauth]
    Oct 21 08:30:26 sshd 67507 userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]

    ts the same behaviour on two differenct pfsense boxed and on the Client Side I didnt changed anything. The ssh key is placed in the settings of the "admin" user.

    Authentication Method

    Disable password login for Secure Shell (RSA/DSA key only)

    Best Regards

    1 Reply Last reply Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Oct 21, 2017, 9:30 AM

      What ssh client are you using?  And what version of pfsense were you on before?

      Pfsense has updated the version of openssh it runs.. So yeah back in 7.0 this was turned off

      userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]

      http://www.openssh.com/txt/release-7.0

      • Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html

      What I would suggest is you just create new key types to keep up with the times.. I use ed25519 which current and has been available since 6.5 of ssh.

      Or you could enable it again via edit of the sshd_config..  But better to just update keys and clients to be current standards.

      Yeah the (RSA/DSA key only) text should be updated in the gui.. Can put in a bug report on that..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • S
        sensemann
        last edited by Oct 21, 2017, 8:00 PM

        I updated from the last version.. 2.3.x …
        okay, yes this is the reason, I use old keys..
        thanks!

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received