Automic SSH Action Pack does not support modern signature algorithms.
When attempting to sign in to a newly created Linux server using the Automic SSH Action Pack 1.2.4 you receive the following error in the report:
com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:519)
On the Linux server, you see this error in the sshd logs:
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
error: Received disconnect from IP port com.jcraft.jsch.JSchException: Auth fail [preauth]
You have validated that the key works using OpenSSH from Windows as that is how the sshd log output listed above could be extracted.
You also attempted to use an ECDSA key to avoid the ssh-rsa signing issue, validated it with an OpenSSH client, and received this error in the report when using the action pack:
com.jcraft.jsch.JSchException: invalid privatekey: [RANDOM_CHARACTERS
at com.jcraft.jsch.KeyPair.load(KeyPair.java:664)
SSH Action Pack 1.2.4 and inferior while connecting to recent OS with recent algorithms like rsa-sha2.
The current Action Pack version 1.2.4 supports the following key algorithms: ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, and ecdsa-sha2-nistp521.
From the incident analysis, it appears that the target environment does not support ssh-rsa but does support rsa-sha2 and possibly ECDSA.Unfortunately, the current Action Pack does not support rsa-sha2 but does support ECDSA.
However, there seems to be an error related to ECDSA, likely due to the SSH Private Key file format (specified as file path in the input parameter) not being understood by the SSH Action Pack.
Recent versions of OpenSSH (7.8 and newer) generate keys in a new format by default, starting with -----BEGIN OPENSSH PRIVATE KEY-----, whereas the Action Pack supports the classic OpenSSH format.
This explains why ECDSA is also not functioning as expected.
As a workaround, you can convert the private key file or create a new one in the classic OpenSSH format. You can use ssh-keygen or a similar utility for this purpose.
Option a) Convert an existing private key file into the classic OpenSSH format, you can use the following command:
ssh-keygen -p -f <privateKeyFile> -m pem -P passphrase -N passphrase
This will overwrite the private key file identified by the -f option with a new private key in the classic OpenSSH format (PEM).
Option b) Generate new private key file into classic OPENSSH format:
Alternatively, you can generate a new private key file in the classic OpenSSH format using the -m flag, for example:
ssh-keygen -m PEM
Update to a fix version listed below or a newer version if available.
Fix version:
Component(s): SSH Action Pack
Package.SSH 2.0.0 - Available
You can download the latest version from the marketplace
Defect ID: DE129056
Defect Public Description: Automic SSH Action Pack supports modern signature algorithms.