Error: "SSH: userauth_pubkey: key type ssh-ed25519-cert-v01@openssh.com not in PubkeyAcceptedKeyTypes"

search cancel

Error: "SSH: userauth_pubkey: key type [email protected] not in PubkeyAcceptedKeyTypes"

book

Article ID: 372725

calendar_today

Updated On:

Products

ISG Proxy ProxySG Software - SGOS

Issue/Introduction

SSH Public key authentication results in following error observed in Event Log:

"SSH: userauth_pubkey: key type [email protected] not in PubkeyAcceptedKeyTypes" 0 45000C:96 sgos_log.cpp:150

Environment

Edge SWG configured with SSH Public key authentication

Cause

PubkeyAcceptedKeyTypes is a configuration option of SSH daemon:

OpenSSH Legacy Options

PubkeyAcceptedKeyTypes (ssh/sshd): the public key algorithms that will be attempted by the client, and accepted by the server for public-key authentication (e.g. via .ssh/authorized_keys)

Client uses ssh-ed25519-cert-v01 Public Key Algorithm which is not allowed on Edge SWG(and can't be allowed since there is no option to edit sshd).

Resolution

Reconfigure client to use different SSH Public Key Algorithm:

PROTOCOL.certkeys

Feedback

thumb_up Yes

thumb_down No