Date:      Sat, 10 Feb 2024 06:18:16 +0000
From:      Lexi Winter <lexi@le-fay.org>
To:        Graham Menhennitt <graham@menhennitt.com.au>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: putty from Windows to FreeBSD 14.0 says "Server refused our key"
Message-ID:  <ZccVKIBlRQYU-DhT@ilythia.eden.le-fay.org>
In-Reply-To: <296848ac-9121-4b9b-a514-6da8ed2d3af1@menhennitt.com.au>
References:  <296848ac-9121-4b9b-a514-6da8ed2d3af1@menhennitt.com.au>

Graham Menhennitt:
> I have a box that I recently upgraded to FreeBSD 14.0. It all appears to be
> working ok except for one thing. When I attempt to use Putty on Windows to
> connect to it using SSH, I get an error "Server refused our key" and it
> drops back to password authentication. I have not modified sshd_config from
> the default.
>
> I've used this same key for many years from Putty and from other FreeBSD
> boxes. It still works successfully from FreeBSD 13 to FreeBSD 14, but not
> from Putty to FreeBSD 14.
>
> In auth.log on the FreeBSD 14 box, I can see that it says "userauth_pubkey:
> signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]". So,
> I guess that I could fix this by modifying sshd_config, but I don't
> understand why it works from FreeBSD 13 but not Putty.

according to its documentation, PuTTY does not support RFC8332 RSA/SHA-2
key authentication:

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsa-sha2.html

support for RSA/SHA-1 was removed by default in FreeBSD 14.0, so you
would need to manually re-enable it to connect via PuTTY (as you
discovered).

alternatively, and more securely, you could see if PuTTY can generate
and use ECDSA or ED25519 keys instead, which don't require SHA-1.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZccVKIBlRQYU-DhT>
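
Added example, not part of the original message and not FreeBSD or OpenSSH code: a shell/awk filter that finds the auth.log message quoted in the thread and joins it, by sshd PID, to the user and address logged later on the same connection, so an administrator can see which clients still sign with ssh-rsa and fall back to passwords. The sample log lines are constructed, and the function and outcome names are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread): find clients whose key was refused for a
# signature algorithm outside PubkeyAcceptedAlgorithms, joined by sshd PID to
# the user and address seen later on the same connection.

# Constructed sample in auth.log style; host, PIDs, users, addresses are made up.
sample_log() {
cat <<'EOF'
Feb 10 06:01:02 box sshd[4101]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Feb 10 06:01:09 box sshd[4101]: Accepted password for graham from 192.0.2.10 port 50522 ssh2
Feb 10 06:05:40 box sshd[4177]: Accepted publickey for graham from 192.0.2.20 port 40112 ssh2: ED25519 SHA256:CONSTRUCTED
Feb 10 06:09:13 box sshd[4230]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Feb 10 06:09:15 box sshd[4230]: Connection closed by authenticating user alice 198.51.100.7 port 61000 [preauth]
EOF
}

# Reads auth.log lines on stdin; prints "algorithm user address outcome".
refused_keys() {
  awk '
    { pid = ""
      # PID from the "sshd[NNN]" tag ties together lines of one connection
      if (match($0, /sshd\[[0-9]+\]/)) pid = substr($0, RSTART + 5, RLENGTH - 6) }
    pid != "" && /signature algorithm .* not in PubkeyAcceptedAlgorithms/ {
      s = $0
      sub(/.*signature algorithm /, "", s)
      sub(/ not in PubkeyAcceptedAlgorithms.*/, "", s)
      alg[pid] = s; next            # remember the refused algorithm
    }
    (pid in alg) && /Accepted password for / {
      s = $0; sub(/.*Accepted password for /, "", s); split(s, f, " ")
      print alg[pid], f[1], f[3], "password-fallback"; delete alg[pid]; next
    }
    (pid in alg) && /Connection closed by authenticating user / {
      s = $0; sub(/.*Connection closed by authenticating user /, "", s); split(s, f, " ")
      print alg[pid], f[1], f[2], "closed-preauth"; delete alg[pid]
    }
  '
}

sample_log | refused_keys
```

On a real host, feed it the log instead of the sample: `refused_keys < /var/log/auth.log`. PIDs are reused over time, so run it per log file rather than over a long concatenated history.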