ssh refused: sshd[2444]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]

April 27, 2016 60.8k views
Security Configuration Management Ubuntu 16.04

If you just upgraded Ubuntu 15.04/10 to Ubuntu 16.04 LTS (or otherwise upgraded OpenSSH from v6.9 to v7.0 you may be getting the ssh refusal because of changes in OpenSSH.

I was specifically getting this error in the /var/log/auth.log (via Webmin): sshd[2444]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth].

For this specific error, you need to add “PubkeyAcceptedKeyTypes=+ssh-dss” (without the quotations) to the bottom of your /etc/ssh/sshd_config file.

See: https://superuser.com/questions/1016989/ssh-dsa-keys-no-longer-work-for-password-less-authentication?lq=1

2 Answers

Add a comment so I can heart it. Can’t heart “Questions”, which is what your comment shows up as. Good catch!

As explained in that StackExchange question, the security of ssh-dss is disputed and it would be a wiser idea to generate one of the supported key types, like ssh-rsa or ssh-ed25519, rather than going against the software defaults.

Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!