Last Updated: February 25, 2016
· rompetroll

when openssh 7 blocks your public-key

So this happened to my today, after upgrading to openssh 7

git pull
Permission denied (publickey).

After some debugging, I found the following line in the output of ssh -vvv <host>

debug1: Skipping ssh-dss key /home/<user>/.ssh/id_dsa for not in PubkeyAcceptedKeyTypes

So apparently my dsa key is not considered secure anymore. But luckily the debug message also points to the solution ... adding this to ~/.ssh/config helps:

PubkeyAcceptedKeyTypes ssh-dss

That being said, the proper solution would probably be to get a new pair of keys.

4 Responses
Add your response


Thank you for writing this. It saved me a lot of time.

over 1 year ago ·

I got this too, but why? Is there a security advisory about DSA keys? Have they been broken?

over 1 year ago ·

Thanks! I guess it is time to upgrade my router to something that supports more modern key exchanges.

over 1 year ago ·

Thanks Sven
Very accurate tip... save me a lot of time ;)

Victor Varela

over 1 year ago ·
Filed Under