So, you’re trying to log in to your server using your SSH key, but you’re getting a mysterious error message instead: “userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
“. Frustrating, right?
Don’t worry, you’re not locked out forever. A quick Google search revealed the culprit: SHA-1 is no longer considered secure. Yep, that algorithm used to be the norm for SSH keys, but times have changed, and servers are now stricter.
Now, there are a few ways to tackle this. Some might suggest generating a new key with a more secure algorithm, but hey, we all love a quick fix sometimes. So, the easiest way (at least for now) is to configure your server to accept SHA-1.
Here’s what we did:
1. Run this command: # update-crypto-policies --set DEFAULT:SHA1
(Remember, this is not the most secure option!)
2. Restart the SSH service: # systemctl restart sshd
Voila! You should now be able to log in remotely using your old key.
However, this is a temporary solution. While it gets you back into your server, it’s important to remember that using SHA-1 is not recommended for long-term security. It’s best to consider generating a new SSH key with a more secure algorithm like SHA-256 or ed25519 to keep your server safe in the long run.
Stay secure, friends!