Header

key type ssh-rsa not in PubkeyAcceptedAlgorithms

When attempting to connect to an SSH server with public key authentication, you may run into the following error when checking your server's SSH log file:

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms

Most likely if you're connecting to a server with a newer operating system, such as Ubuntu 22 or Debian 12.

This error occurs because the SHA RSA 1 algorithm that DeployHQ traditionally used for key generation, is no longer supported out the box in newer Linux systems.

You can allow support for this key by adding the following line to /etc/ssh/sshd_config:

PubkeyAcceptedAlgorithms +ssh-rsa

Then restarting the SSH service. This will mean that any SSH connections with that key type, will be accepted.

However, it may be preferential for better security, to update the SSH key on your project to a newer type, as outlined below.

ED25519 keys

For new projects, DeployHQ now generates ED25519 keys by default, which is a more modern and widely accepted algorithm in newer operating systems.

In the case of an existing project that has been created previously, there will likely be an RSA key in use. You can update the key by uploading your own custom keypair, which will then require you to ensure all other SSH connections (repository, and other SSH servers) on that project are updated to use the same new keypair.

Instructions on generating and uploading your own ED25519 key, can be found below:

https://www.deployhq.com/support/projects/uploading-a-custom-key-pair

Proudly powered by Katapult. Running on 100% renewable energy.