On Thu, 2018-11-22 at 04:56 +0100, Stef Bon wrote: > When I remove the > > PubkeyAcceptedKeyTypes ssh-rsa > > setting, I'm able to login. Huhh I've been always able to login this > way. I see a message about the semantics has been changed, but maybe > more has been changed... > I think - but that is a wild guess - that the client asks it can use > the new rsa-sha2-256/512 methods, server cannot support these cause > these are not listed in the PubkeyAcceptedKeyTypes parameter and > disconnects. Yes, you are right. If you specify this option, the server will reject all the other public key algorithms, but RSA keys are using the SHA2 signatures for some time already and they use different "signature type", but only recent update made this enforced (see the release notes for OpenSSH 7.8 [1]). [1] http://www.openssh.com/txt/release-7.8 Regards, -- Jakub Jelen Software Engineer Security Technologies Red Hat, Inc. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev