How to Regenerate SSH Public Key

ssh

I tried to google my question without any answer that works…

I have an id_dsa private key, but "lost" my public one.

When I generate a new public one with ssh-keygen -yf .ssh/id_dsa > .ssh/id_dsa.pub, ssh starts asking me for a password instead of a passphrase.

It might be related to xattr on that file? If yes, I didn't find how to set the proper xattr on id_dsa.pub.

Any idea how to regenerate my public key? (except generating a new keypair ^^)

Thanks for the time you spent reading me 😉

[edit]

hope this will help

output of ssh -v someserver

OpenSSH_7.3p1, LibreSSL 2.4.1
debug1: Reading configuration data /Users/***/.ssh/config
debug1: /Users/***/.ssh/config line 53: Applying options for aliasname
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to ftp.some-server.com [213.186.some.ip] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/***/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/***/.ssh/id_rsa-cert type -1
debug1: identity file /Users/***/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /Users/***/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/***/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/***/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/***/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/***/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1
debug1: match: OpenSSH_6.0p1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to ftp.some-server.com:22 as 'aliasname'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:**********************
debug1: Host 'ftp.some-server.com' is known and matches the RSA host key.
debug1: Found key in /Users/***/.ssh/known_hosts:2
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: Skipping ssh-dss key /Users/***/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/***/.ssh/github_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/***/.ssh/id_rsa
debug1: Trying private key: /Users/***/.ssh/id_ecdsa
debug1: Trying private key: /Users/***/.ssh/id_ed25519
debug1: Next authentication method: password

Best Answer

The DSA key is not used because of

Skipping ssh-dss key /Users/***/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes

You should really use RSA or some other key type. DSA is not recommended, because it has a fixed size of 1024 bits, which is not enough nowadays.

If you really have to use it, you can add to your ~/.ssh/config

PubkeyAcceptedKeyTypes +ssh-dss

as described in the official documentation for legacy algorithms.
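
Added example, not part of the original question or answer: a shell function that reads ssh -v debug output and reports, per identity, whether the client skipped it, offered it, or only tried a default path, which makes a silent fallback to password authentication like the one above easy to spot. The function name ssh_key_report, the sample paths and the sample log are constructed for illustration, using the message formats shown in the question's output.

```shell
#!/bin/sh
# Summarize how each identity fared in `ssh -v` output (read from stdin).
# Prints one "<status> <key-path> <detail>" line per key, plus a final
# "fallback password" line when the client gave up on public keys.
# Assumes key paths contain no spaces and the OpenSSH 7.x message wording.
ssh_key_report() {
    awk '
    # Rejected client-side before being offered: algorithm is disabled.
    /^debug1: Skipping .* key .* - not in PubkeyAcceptedKeyTypes/ {
        printf "skipped %s algorithm=%s\n", $5, $3
        next
    }
    # Public half was actually presented to the server.
    /^debug1: Offering .* public key: / {
        printf "offered %s type=%s\n", $NF, $3
        next
    }
    # Default identity path probed by the client.
    /^debug1: Trying private key: / {
        printf "tried %s\n", $NF
        next
    }
    # No key was accepted, so the client moved on to password auth.
    /^debug1: Next authentication method: password/ {
        print "fallback password"
    }
    '
}

# Constructed sample log (hypothetical paths, formats taken from the question).
SAMPLE_LOG='debug1: identity file /home/user/.ssh/id_dsa type 2
debug1: Skipping ssh-dss key /home/user/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /home/user/.ssh/github_rsa
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Next authentication method: password'

# Demo run; against a live host use: ssh -v somehost 2>&1 | ssh_key_report
printf '%s\n' "$SAMPLE_LOG" | ssh_key_report
```

A "skipped" line means the key never reached the server, so regenerating the .pub file or changing file attributes cannot affect the outcome.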