Resolving SSH Permission Denied Errors Due to OpenSSH Version Vulnerabilities

If you have encountered errors while using SSH, such as the ones below:

Example 1:

foo@12.34.56.789: Permission denied (publickey).

Example 2:

sign_and_send_pubkey: no mutual signature supported
foo@12.34.56.789: Permission denied (publickey).

It’s possible that you may be using an older version of OpenSSH on your server that is vulnerable to the SHA-1 algorithm, which was disabled in OpenSSH version 8.8 (2021–09–26). If you’re certain that you’ve correctly added the public key to your server, this could be the cause of the error messages.

To determine your local OpenSSH version, enter the following command:

ssh -vv local

The result should look like this:

To resolve the issue, add PubkeyAcceptedKeyTypes +ssh-rsa to your Host entry in the ~/.ssh/config file. It should look like this:

Host fooServer
PubkeyAcceptedKeyTypes +ssh-rsa
Hostname 12.34.56.789
User forge
IdentityFile=~/.ssh/id_rsa

After making these changes, try again and the issue should be resolved.