SHA-1 is no longer considered secure

So, you’re trying to log in to your server using your SSH key, but you’re getting a mysterious error message instead: “userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]”. Frustrating, right?

Don’t worry, you’re not locked out forever. A quick Google search revealed the culprit: SHA-1 is no longer considered secure. Yep, that algorithm used to be the norm for SSH keys (the ssh-rsa named in the error is the RSA signature scheme that hashes with SHA-1), but times have changed, and servers are now stricter.

Now, there are a few ways to tackle this. Some might suggest generating a new key with a more secure algorithm, but hey, we all love a quick fix sometimes. So, the easiest way (at least for now) is to configure your server to accept SHA-1.

Here’s what we did:

1. Run this command: # update-crypto-policies --set DEFAULT:SHA1 (Remember, this is not the most secure option!)
2. Restart the SSH service: # systemctl restart sshd

Voila! You should now be able to log in remotely using your old key.

However, this is a temporary solution. While it gets you back into your server, it’s important to remember that using SHA-1 is not recommended for long-term security. It’s best to consider generating a new SSH key with a more secure algorithm like ed25519, or RSA used with SHA-256 signatures (rsa-sha2-256), to keep your server safe in the long run.
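Before switching the policy back, it helps to know which clients still depend on SHA-1. The script below is an added example, not part of the original post: it counts the user and address pairs whose logins sshd rejected with the error quoted above. It assumes syslog-style sshd lines where the rejection and the following "authenticating user" disconnect line share the same sshd[PID]; the function names are hypothetical and the sample log is constructed.

```shell
#!/bin/sh
# Added example: find clients that still offer the SHA-1 based ssh-rsa algorithm.

# Constructed sample sshd log lines (host, PIDs, users and addresses are made up).
sample_log() {
cat <<'EOF'
Mar  3 10:01:12 srv1 sshd[2101]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Mar  3 10:01:12 srv1 sshd[2101]: Connection closed by authenticating user alice 192.0.2.10 port 50122 [preauth]
Mar  3 10:02:40 srv1 sshd[2117]: Accepted publickey for bob from 192.0.2.20 port 50300 ssh2: ED25519 SHA256:CONSTRUCTED
Mar  3 10:05:03 srv1 sshd[2130]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Mar  3 10:05:03 srv1 sshd[2130]: Connection closed by authenticating user carol 192.0.2.30 port 50410 [preauth]
Mar  3 10:06:15 srv1 sshd[2142]: Connection closed by authenticating user dave 192.0.2.40 port 50500 [preauth]
Mar  3 10:09:51 srv1 sshd[2155]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Mar  3 10:09:51 srv1 sshd[2155]: Connection closed by authenticating user alice 192.0.2.10 port 50733 [preauth]
EOF
}

# Read sshd log lines on stdin; print "count user address", most frequent first.
sha1_rejections() {
    awk '
    {
        # The sshd[PID] tag ties a rejection to the disconnect line that follows.
        pid = ""
        if (match($0, /sshd\[[0-9]+\]/)) pid = substr($0, RSTART + 5, RLENGTH - 6)
        if (pid == "") next
    }
    /key type ssh-rsa not in PubkeyAcceptedAlgorithms/ { rejected[pid] = 1; next }
    /authenticating user/ && (pid in rejected) {
        # The two fields after the word "user" are the account and client address.
        for (i = 1; i < NF; i++)
            if ($i == "user") { count[$(i + 1) " " $(i + 2)]++; break }
        delete rejected[pid]
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Demo run on the constructed sample.
sample_log | sha1_rejections
```

On a real server, pipe the sshd log (for example the output of journalctl -u sshd) into sha1_rejections instead of the sample. Once the list stays empty, the SHA1 sub-policy is no longer needed.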

Stay secure, friends!
