Looking for a working example of sshd_config setup file
bruce
badouglas at gmail.com
Tue Aug 19 01:09:59 UTC 2025
I would suspect the initial system, the client that was used to set up the
initial keys, used the earlier SHA RSA. He might try re-running the key
creation process on the client, if the OS is more recent.
This would require the associated pub key to be copied to the remote box as
well.
On Mon, Aug 18, 2025, 8:36 PM Colin Watson <cjwatson at ubuntu.com> wrote:
> On Mon, Aug 18, 2025 at 02:21:59PM +0100, Peter Flynn wrote:
> >On 18/08/2025 14:16, Colin Law wrote:
> >>What do I have to do after installing Ubuntu Desktop on machine A
> >>before I can ssh into machine B (assuming it already has ssh server
> >>working)?
> >
> >The only note I have is the one I posted earlier. On Machine B (the
> >target system), add these two lines to /etc/ssh/sshd_config
> >
> >PubkeyAcceptedKeyTypes +ssh-rsa
> >HostkeyAlgorithms +ssh-rsa
>
> I have no idea what, but something is weird about your systems, because
> this is _not_ required in general.
>
> To test, I launched two copies of Ubuntu 24.04, and created a non-root
> user in both. On one (the server), I installed the openssh-server
> package. On the other (the client), I generated an RSA key and used
> ssh-copy-id to copy it to the server, initially using password
> authentication. I was then able to use ssh to connect from the client
> to the server using public key authentication, exactly as I would
> expect. I did not have to make any changes to the default sshd_config.
>
> What versions of Ubuntu do you have on each end? Is there anything else
> at all unusual about these systems?
>
> >But others have warned that RSA is untrustworthy or obsolete,
>
> No, it is neither untrustworthy nor obsolete. Technical details follow,
> although most people who are just using ssh in the obvious ways should
> not need to know them.
>
> The problem is only the SHA-1 hash algorithm used in combination with
> RSA (which is confusingly called "ssh-rsa" in SSH protocol-speak; I
> guess the original protocol authors didn't think ahead quite far
> enough). RSA keys are fine when used with stronger hash algorithms,
> which is what the "rsa-sha2-512" and "rsa-sha2-256" signature algorithms
> mean.
>
> This is not normally something OpenSSH users need to think about.
> Support for rsa-sha2-* was added in OpenSSH 7.2, which is in everything
> from Ubuntu 16.04 onwards. As far as I know, to have a problem, you'd
> have to be trying to connect from OpenSSH < 7.2 (say, Ubuntu 14.04) to
> OpenSSH >= 8.8 (say, Ubuntu 22.04), or to be using something other than
> OpenSSH on the client side that hasn't been upgraded or that hasn't
> closely tracked improvements in the SSH protocol.
>
> This is all documented in https://www.openssh.com/releasenotes.html#8.8,
> which I essentially copied into
> /usr/share/doc/openssh-client/NEWS.Debian.gz in the entry under
> 1:8.8p1-1. To the best of my knowledge, it's accurate.
>
> --
> Colin Watson (he/him) [cjwatson at ubuntu.com]
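An added example, not part of the original thread or of OpenSSH: a shell function that reads `sshd -T`-style effective configuration and reports, per setting, whether the SHA-1 `ssh-rsa` signature algorithm discussed above is enabled and whether `rsa-sha2-*` is available. The function name and the abbreviated sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Audits "key value" lines in the format printed by `sshd -T`
# for the SHA-1 RSA signature algorithm ("ssh-rsa") versus rsa-sha2-256/512.
# On a live server: sudo sshd -T | audit_sshd_sigalgs

# Constructed, abbreviated sample: algorithm lists without ssh-rsa.
DEFAULT_SAMPLE='port 22
pubkeyacceptedalgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256
hostkeyalgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256'

# Constructed sample: the same lists after the two "+ssh-rsa" lines quoted
# in the thread have been added to sshd_config.
WORKAROUND_SAMPLE='port 22
pubkeyacceptedalgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostkeyalgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa'

# Reads settings on stdin, prints one summary line per relevant setting,
# and returns 1 if any of them enables a SHA-1 RSA signature algorithm.
audit_sshd_sigalgs() {
    awk '
    BEGIN { bad = 0 }
    {
        key = tolower($1)
        # pubkeyacceptedkeytypes is the older name of pubkeyacceptedalgorithms
        if (key != "pubkeyacceptedalgorithms" &&
            key != "pubkeyacceptedkeytypes" &&
            key != "hostkeyalgorithms") next
        n = split($2, algs, ",")
        sha1 = 0; sha2 = 0
        for (i = 1; i <= n; i++) {
            # "ssh-rsa" names RSA with SHA-1, not RSA keys in general
            if (algs[i] == "ssh-rsa" ||
                algs[i] == "ssh-rsa-cert-v01@openssh.com") sha1 = 1
            if (algs[i] ~ /^rsa-sha2-(256|512)$/) sha2 = 1
        }
        printf "%s sha1_rsa=%s sha2_rsa=%s\n", key,
               (sha1 ? "yes" : "no"), (sha2 ? "yes" : "no")
        if (sha1) bad = 1
    }
    END { exit bad }
    '
}

# Demo on the constructed workaround sample (guarded so the script continues).
printf '%s\n' "$WORKAROUND_SAMPLE" | audit_sshd_sigalgs ||
    echo "SHA-1 ssh-rsa signatures are enabled on this configuration"
```

A setting that reports `sha1_rsa=no sha2_rsa=yes` still accepts RSA keys; only the SHA-1 signature scheme is off.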