
A team member just upgraded our AWS EC2 instance from 20.04 LTS to 22.04 LTS, and ssh connections broke as a result. Now when I try to open a session (in MobaXterm) I get:

```
Server refused our key
No supported authentication methods available (server sent: publickey)
```

I have a public key added to ~/.ssh/authorized_keys on the EC2 box, and I have been using a corresponding .ppk file on my Windows desktop for my private key. This has been working flawlessly, until this "upgrade".

What happened, and how do I go about fixing it?

UPDATE: The issue is that RSA keys are no longer supported. You need keys generated by a more secure algorithm, such as ed25519.

arayq2
  • Does this answer your question? [Recent update for SSH breaks backward compatibility, how do I downgrade to the previous version?](https://askubuntu.com/questions/1413129/recent-update-for-ssh-breaks-backward-compatibility-how-do-i-downgrade-to-the-p) – Artur Meinild Oct 03 '22 at 14:12
  • Please note that my answer does not actually downgrade, but reenables the legacy `RSA SHA-1` hash algorithm for older connections. – Artur Meinild Oct 03 '22 at 14:13
  • Does this answer your question? [Ubuntu 22.04 SSH the RSA key isn't working since upgrading from 20.04](https://askubuntu.com/questions/1409105/ubuntu-22-04-ssh-the-rsa-key-isnt-working-since-upgrading-from-20-04) – user68186 Oct 03 '22 at 15:07
  • @user68186 Basically, yes. Using a new stronger key-pair is superior to re-enabling RSA support. – arayq2 Oct 03 '22 at 15:22

1 Answer


In our case, the issue is that we were using keys generated by the RSA algorithm. This is no longer supported. The resolution is to use new keys generated by a more secure algorithm, such as ed25519. (Generate a key pair, add the public key to the ~/.ssh/authorized_keys file on the EC2 instance[*], and use the private key from the remote client.)

I did exactly that, and now I can connect.

I suppose this is documented somewhere, but where? (Sigh.)

[*] An alternate way to get into the EC2 instance (to transfer the public key) is via the AWS Management Console.

arayq2
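
Added example (not part of the original question or answer): a small Python audit that lists the key types in an `authorized_keys` file and flags `ssh-rsa` entries, the kind of key this thread is about, so they can be replaced with ed25519 keys before a server upgrade. The sample entries, the names `alice@desktop` and `bob@laptop`, and the helper names are constructed for illustration; option parsing is simplified.

```python
import base64
import struct

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, i = [], 0
    while i + 4 <= len(blob):
        (n,) = struct.unpack(">I", blob[i:i + 4])
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def audit(text):
    """Return (line_no, key_type, rsa_bits, comment, flagged) for each key line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        # Options such as from="..." may precede the type (assumes no spaces inside them).
        idx = next((i for i, p in enumerate(parts)
                    if p.startswith(("ssh-", "ecdsa-sha2-", "sk-"))), None)
        if idx is None or idx + 1 >= len(parts):
            continue
        ktype = parts[idx]
        try:
            f = _fields(base64.b64decode(parts[idx + 1], validate=True))
        except ValueError:
            continue  # not valid base64, so not a usable key line
        if not f or f[0] != ktype.encode():
            continue  # type named on the line and type inside the blob disagree
        bits = None
        if ktype == "ssh-rsa" and len(f) >= 3:  # fields: type, e, n
            bits = int.from_bytes(f[2], "big").bit_length()
        findings.append((no, ktype, bits, " ".join(parts[idx + 2:]), ktype == "ssh-rsa"))
    return findings

def _pack(*fields):
    return base64.b64encode(b"".join(struct.pack(">I", len(x)) + x for x in fields)).decode()

# Constructed sample, not real keys: one 2048-bit ssh-rsa entry, one ed25519 entry.
SAMPLE = "\n".join([
    "ssh-rsa " + _pack(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256) + " alice@desktop",
    'from="10.0.0.0/8" ssh-ed25519 ' + _pack(b"ssh-ed25519", b"\x07" * 32) + " bob@laptop",
])

if __name__ == "__main__":
    for no, ktype, bits, comment, flagged in audit(SAMPLE):
        print(f"line {no}: {ktype} bits={bits} {comment} -> {'REVIEW' if flagged else 'ok'}")
```

To check a real file, pass its contents to `audit()`, for example `audit(open("/home/ubuntu/.ssh/authorized_keys").read())`, where the path is an assumption about the instance's login user.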