Hello,
I enabled public key for SSH access on my Aruba switches.
ip ssh
no ip ssh host-key-algorithm ssh-rsa
no ip ssh host-key-algorithm ssh-dss
no ip ssh host-key-algorithm x509v3-ssh-rsa
no ip ssh host-key-algorithm x509v3-sign-rsa2
no ip ssh host-key-algorithm x509v3-sign-rsa
aaa authentication ssh login public-key none
aaa authentication sh enable public-key
Only rsa-sha2-512,rsa-sha2-256 are enabled for Host-Key-Algorithm.
On my client side, I've generated an RSA key pair with: ssh-keygen -t rsa-sha2-512 -b 3072
If I check the signature:
ssh-keygen -l -f C:\Users\doritolo\.ssh\id_rsa
3072 SHA256:SIGKEY lab\doritolo@PC1 (RSA)
It looks like it is not SHA512.
I've imported the public key on the switch with: copy tftp pub-key-file 10.1.1.100 pub_key.txt manager
When I try to log in, it prompts me for a password, meaning pub key auth is not working as it should.
With debug log, I can see that there is no mutual signature algorithm:
ssh -vvv -i C:\Users\doritolo\.ssh\id_rsa manager@10.1.1.150
[...]
send_pubkey_test: no mutual signature algorithm
If I add in my config file: PubKeyAcceptedKeyTypes +ssh-rsa
It works now...
I'm using OpenSSH for Windows 9.5p1 (December 2023 release).
ssh-rsa is deprecated because of SHA-1, and as I disabled ssh-rsa on Aruba, it should not require ssh-rsa.
I don't know why I need to allow it from the client to make it work.
Do you have any info on this?
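
Added example, not part of the original post: a Python sketch that parses an OpenSSH public-key line and reports the key-format name stored inside the key blob together with the SHA256 fingerprint that ssh-keygen -l prints. Per RFC 8332, rsa-sha2-256 and rsa-sha2-512 signatures both use the "ssh-rsa" public key format, and the fingerprint is a hash of the key blob, so neither value shows which signature algorithm is negotiated at login. The sample key is built from a fixed byte pattern and is not a real key; all function names are illustrative.

```python
import base64
import hashlib
import struct


def _read_string(buf, off):
    """Read one RFC 4251 'string' (uint32 length + bytes) starting at off."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end


def _mpint(value):
    """Encode a positive integer as an RFC 4251 mpint (minimal, sign-safe)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def describe_pubkey(line):
    """Return (line_type, blob_type, rsa_bits, fingerprint) for a public-key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    line_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    blob_type, off = _read_string(blob, 0)  # key FORMAT name, not a signature algorithm
    bits = None
    if blob_type == b"ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent
        n, off = _read_string(blob, off)    # modulus
        bits = int.from_bytes(n, "big").bit_length()
    digest = hashlib.sha256(blob).digest()  # fingerprint = hash of the whole blob
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return line_type, blob_type.decode(), bits, fp


def constructed_sample_line():
    """Constructed sample: a 3072-bit byte pattern, NOT a real RSA modulus."""
    n = int.from_bytes(b"\xc3" + b"\x5a" * 383, "big")
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    _, blob_type, bits, fp = describe_pubkey(constructed_sample_line())
    print(f"{bits} {fp} ({blob_type})")
```

Pass the contents of a .pub file to describe_pubkey() to inspect a real key; the private key is never needed.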