Merge pull request #141 from drpdishant/patch-1

Steps Troubleshooting permission denied issue with OpenSSH 8.x
teamhephy · Feb 6, 2021 · 452c996 · 452c996
2 parents 318f327 + 42c2618
commit 452c996
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/src/users/ssh-keys.md b/src/users/ssh-keys.md
@@ -57,3 +57,33 @@ Remove keys by their name:
 $ deis keys:remove [email protected]
 Removing [email protected] SSH Key... don
 ```
+
+## Troubleshooting
+
+### Allowing Keytypes
+Latest version of openssh-client i.e 8.0 on Ubuntu Focal (20.04) and Fedora 32,33 are not accepting key types sent by severs running older version of openssh-server. This leads to autentication failure.
+
+- Check your SSH version and follow the troubleshooting steps.
+```bash
+ssh -V
+OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS  8 Dec 2020
+```
+
+To Resolve this error:
+Add the following to your user’s ssh config, or global ssh config at /etc/ssh/ssh_config
+
+```bash
+PubkeyAcceptedKeyTypes +rsa-sha2-256,rsa-sha2-512
+```
+### Generating New Keys with `ed25519` algorithm as Documented on [Github](https://docs.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)
+
+- Another workaroud is to generate a new key-pair using ed25519, this way you can still keep the id_rsa, and use it to connect to systems which don't support `ed25519` algorithm.
+
+```bash
+ssh-keygen -t ed25519 -C "[email protected]"
+```
+- Adding to hephy
+
+```bash
+deis keys:add [email protected] ~/.ssh/id_ed25519.pub
+```