Here's what's going on: I have a DSA ssh-key set up on my MacBook Pro, and the id_dsa.pub
file has been placed in ~/.ssh/authorized_keys
. Permissions are 600 for id_dsa
.
I'm still being asked for my password, what do I do?
I've included output from level 1 debugging below, which I believe should have sufficient information to identify the problem. If not let me know and I will provide level 3.
Daniels-MacBook-Pro:.ssh dsmith$ ssh -v km4ayu.com
OpenSSH_7.2p2, LibreSSL 2.4.1
debug1: Reading configuration data /Users/dsmith/.ssh/config
debug1: /Users/dsmith/.ssh/config line 1: Applying options for km4ayu.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to km4ayu.com [104.168.167.30] port 17785.
debug1: Connection established.
debug1: identity file /Users/dsmith/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /Users/dsmith/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1
debug1: match: OpenSSH_6.6.1p1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to km4ayu.com:17785 as 'kv4lq'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:/214EQvH59cIt2nCaT+XhRruKws4j7Jwo3anBGMGO6g
debug1: Host '[km4ayu.com]:17785' is known and matches the ECDSA host key.
debug1: Found key in /Users/dsmith/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: Skipping ssh-dss key /Users/dsmith/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Next authentication method: password
kv4lq@km4ayu.com's password:
Best Answer
The new openssh version (7.0+) deprecated DSA keys and is not using DSA keys by default (not on server or client). The keys are not preferred to be used anymore, so if you can, I would recommend to use RSA keys where possible.
If you really need to use DSA keys, you need to explicitly allow them in your client config using
Should be enough to put that line in
~/.ssh/config
, as the verbose message is trying to tell you. Ref.