2

I have an EC2 instance authenticated with a key-pair generated by AWS.

With Putty, I can connect to the instance by providing the private key in a PPK file.

When I try to use SSH2 (via one of the NodeJs wrappers, e.g. through the 'ssh2-sftp-client' module), it fails with an error:

getConnection: All configured authentication methods failed

And the auth.log on the instance reports,

sshd[1841]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

I know that OpenSSH has deprecated ssh-rsa but I am still not sure what is wrong here:

  • ssh-rsa seems to mean a number of things, and it appears only SHA1 has been deprecated. My key is SHA256 as reported by PuttyGen, however, so it should still work, no?
  • If I understand right, changing from ppk to pem just changes the layout and encoding of the file, not the key value itself. If the OpenSSH server is the one doing the rejection, why does Putty work OK?

Does converting from PPK to PEM change the type of the key? If so, how can I convert PPK to PEM into something other than ssh-rsa?

The SSH (server) version is OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022

-- Edit because I can't comment yet --

@Tanjin Alam's answer is correct, and in AWS this can be done automatically when the machine is built by adding the following text to the User Data field in the launch template:

#!/bin/bash
sed -i '$aPubkeyAcceptedKeyTypes=+ssh-rsa' /etc/ssh/sshd_config
service sshd restart
1
  • Add the output of ssh -fNvv user@host |& grep "debug.*host key algorithms" to check which algorithms are supported by the server
    – gapsf
    Jul 27, 2022 at 16:36

1 Answer

2

Go to

cd /etc/ssh                    # go to this directory
sudo nano sshd_config          # edit the file
# in the editor, add this line, then save and quit:
#   PubkeyAcceptedKeyTypes=+ssh-rsa
sudo systemctl restart sshd    # restart sshd

Try again; it will work.

Reference : Click HERE

1
  • Be aware that by doing this, you are allowing sha1 RSA authentication, which is considered weak. Dec 6, 2022 at 7:24
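
Before relaxing the server, it helps to know which users and source addresses are being rejected, since those are the clients that would be admitted with SHA-1 signatures once ssh-rsa is enabled. The script below is an added example, not part of the original posts: it joins the auth.log rejection line quoted in the question with the connection-close line sshd writes for the same PID. The sample log lines, host name and addresses are constructed, and the format of the close line is an assumption about what this sshd version logs.

```shell
#!/bin/sh
# Added example (not from the original post): report which clients had a
# public-key offer rejected for using a disabled algorithm such as ssh-rsa.

# rejected_pubkey_clients [FILE...]
# Reads auth.log text (files or stdin) and prints "<key-type> <user> <source-ip>"
# for each rejected connection. sshd logs the rejection and the peer address on
# separate lines, so they are joined on the PID inside "sshd[PID]:".
rejected_pubkey_clients() {
    awk '
    function pid() {
        # "sshd[" is 5 characters and "]:" is 2; the rest of the match is the PID
        if (match($0, /sshd\[[0-9]+\]:/))
            return substr($0, RSTART + 5, RLENGTH - 7)
        return ""
    }
    # Rejection line: remember the offered key type for this sshd process
    /userauth_pubkey: key type .* not in PubkeyAcceptedAlgorithms/ {
        p = pid()
        for (i = 2; i < NF; i++)
            if ($(i - 1) == "key" && $i == "type") rejected[p] = $(i + 1)
        next
    }
    # Close line of the same process: carries the user name and peer address
    /Connection (closed|reset) by authenticating user / {
        p = pid()
        if (p == "" || !(p in rejected)) next
        for (i = 1; i + 3 <= NF; i++)
            if ($i == "authenticating") { print rejected[p], $(i + 2), $(i + 3); break }
        delete rejected[p]
    }' "$@"
}

# Constructed sample lines (documentation addresses, placeholder fingerprint)
sample_auth_log() {
    cat <<'EOF'
Jul 27 16:30:01 ip-10-0-0-5 sshd[1841]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Jul 27 16:30:01 ip-10-0-0-5 sshd[1841]: Connection closed by authenticating user ubuntu 203.0.113.5 port 51234 [preauth]
Jul 27 16:31:10 ip-10-0-0-5 sshd[1850]: Accepted publickey for ubuntu from 198.51.100.7 port 40022 ssh2: RSA SHA256:CONSTRUCTED
Jul 27 16:32:44 ip-10-0-0-5 sshd[1862]: Connection closed by authenticating user ubuntu 198.51.100.9 port 40100 [preauth]
EOF
}

# Demo on the constructed sample; on a real host pass /var/log/auth.log instead
sample_auth_log | rejected_pubkey_clients
```

Only connections with a matching rejection line are reported, so the accepted login and the unrelated closed connection in the sample are ignored.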
