Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    After 2.4 upgrade: SSH PubkeyAuth does not working

    Installation and Upgrades
    2
    3
    1049
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sensemann last edited by

      Hello,

      after upgrading to 2.4 I cant login with ssh:

      Oct 21 08:30:26 sshd 67507 Disconnected from XXX port 52538 [preauth]
      Oct 21 08:30:26 sshd 67507 error: Received disconnect from XXX port 52538:14: No supported authentication methods available [preauth]
      Oct 21 08:30:26 sshd 67507 userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]

      ts the same behaviour on two differenct pfsense boxed and on the Client Side I didnt changed anything. The ssh key is placed in the settings of the "admin" user.

      Authentication Method

      Disable password login for Secure Shell (RSA/DSA key only)

      Best Regards

      1 Reply Last reply Reply Quote 0
      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        What ssh client are you using?  And what version of pfsense were you on before?

        Pfsense has updated the version of openssh it runs.. So yeah back in 7.0 this was turned off

        userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]

        http://www.openssh.com/txt/release-7.0

        • Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html

        What I would suggest is you just create new key types to keep up with the times.. I use ed25519 which current and has been available since 6.5 of ssh.

        Or you could enable it again via edit of the sshd_config..  But better to just update keys and clients to be current standards.

        Yeah the (RSA/DSA key only) text should be updated in the gui.. Can put in a bug report on that..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 22.05 | Lab VMs CE 2.6, 2.7

        1 Reply Last reply Reply Quote 0
        • S
          sensemann last edited by

          I updated from the last version.. 2.3.x …
          okay, yes this is the reason, I use old keys..
          thanks!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post