After 2.4 upgrade: SSH PubkeyAuth does not working



  • Hello,

    after upgrading to 2.4 I cant login with ssh:

    Oct 21 08:30:26 sshd 67507 Disconnected from XXX port 52538 [preauth]
    Oct 21 08:30:26 sshd 67507 error: Received disconnect from XXX port 52538:14: No supported authentication methods available [preauth]
    Oct 21 08:30:26 sshd 67507 userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]

    ts the same behaviour on two differenct pfsense boxed and on the Client Side I didnt changed anything. The ssh key is placed in the settings of the "admin" user.


    Disable password login for Secure Shell (RSA/DSA key only)

    Best Regards


  • LAYER 8 Global Moderator

    What ssh client are you using?  And what version of pfsense were you on before?

    Pfsense has updated the version of openssh it runs.. So yeah back in 7.0 this was turned off

    userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]

    http://www.openssh.com/txt/release-7.0

    • Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html

    What I would suggest is you just create new key types to keep up with the times.. I use ed25519 which current and has been available since 6.5 of ssh.

    Or you could enable it again via edit of the sshd_config..  But better to just update keys and clients to be current standards.

    Yeah the (RSA/DSA key only) text should be updated in the gui.. Can put in a bug report on that..



  • I updated from the last version.. 2.3.x …
    okay, yes this is the reason, I use old keys..
    thanks!


Log in to reply