key type ssh-rsa not in PubkeyAcceptedAlgorithms
When attempting to connect to an SSH server with public key authentication, you may run into the following error when checking your server's SSH log file:
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms
Most likely if you're connecting to a server with a newer operating system, such as Ubuntu 22 or Debian 12.
This error occurs because the SHA RSA 1 algorithm that DeployHQ traditionally used for key generation, is no longer supported out the box in newer Linux systems.
You can allow support for this key by adding the following line to /etc/ssh/sshd_config
:
PubkeyAcceptedAlgorithms +ssh-rsa
Then restarting the SSH service. This will mean that any SSH connections with that key type, will be accepted.
However, it may be preferential for better security, to update the SSH key on your project to a newer type, as outlined below.
ED25519 keys
For new projects, DeployHQ now generates ED25519 keys by default, which is a more modern and widely accepted algorithm in newer operating systems.
In the case of an existing project that has been created previously, there will likely be an RSA key in use. You can update the key by uploading your own custom keypair, which will then require you to ensure all other SSH connections (repository, and other SSH servers) on that project are updated to use the same new keypair.
Instructions on generating and uploading your own ED25519 key, can be found below:
https://www.deployhq.com/support/projects/uploading-a-custom-key-pair