Last Updated: February 25, 2016
·
17.15K
· rompetroll

when openssh 7 blocks your public-key

So this happened to my today, after upgrading to openssh 7

git pull
Permission denied (publickey).

After some debugging, I found the following line in the output of ssh -vvv <host>

debug1: Skipping ssh-dss key /home/<user>/.ssh/id_dsa for not in PubkeyAcceptedKeyTypes

So apparently my dsa key is not considered secure anymore. But luckily the debug message also points to the solution ... adding this to ~/.ssh/config helps:

PubkeyAcceptedKeyTypes ssh-dss

That being said, the proper solution would probably be to get a new pair of keys.

4 Responses
Add your response

Thank you for writing this. It saved me a lot of time.

over 1 year ago ·

I got this too, but why? Is there a security advisory about DSA keys? Have they been broken?

over 1 year ago ·

Thanks! I guess it is time to upgrade my router to something that supports more modern key exchanges.

over 1 year ago ·

Thanks Sven
Very accurate tip... save me a lot of time ;)

Cheers!!
Victor Varela

over 1 year ago ·