SSHD rejecting every publickey I throw at it

Hi everyone,

I’m having the hardest time getting the OpenSSH server setup to accept authentication with a publickey.

I started with a 2048 bit RSA key, then when that didn’t work, I tried an EdDSA key. Now I’m currently trying an ECDSA key, yet I’m still getting rejected. Thanks to verbose debugging, the specific message is: mm_answer_keyallowed: publickey authentication test: ECDSA key is not allowed and the log seems to identify it as “ecdsa-sha2-nistp256”.

I’m currently on 8.6 Sky Tiger, and I did try adding the PubkeyAcceptedKeyTypes line to sshd_config, but this did not seem to change its mind about accepting my keys.

Can anyone see why the server is constantly rejecting my keys? Is there a specific algorithm I should be using?

what does “update-crypto-policies --show” return?

what does “sestatus” return?

also do you have the your .ssh directory is some weird place other than /home, as i suspect its an SELinux denial - or wrong permissions, e.g. ~/.ssh should be 700 and the keys 600.

what does “ls -ldZ ~/.ssh” return as your user (not root)?

1 Like

Hi @sej7278,

Whelp, mystery solved now I guess. Despite the error on SSHd indicating that it wasn’t accepting the keytype, I went ahead and re-generated the same type of key, but from the server terminal instead of my own PC. I was using puttygen so maybe it was generating the key in some form that SSHd didn’t like. Anyways, I’m logging in now without issue.

Thank you for posting!

oh yeah putty makes weird keys, never thought of that, great news you got it sorted!