Cannot connect to ubuntu 22.04

key type ssh-rsa not in PubkeyAcceptedAlgorithms

If you are encountering the error "key type ssh-rsa not in PubkeyAcceptedAlgorithms" while attempting to connect to an SSH server with public key authentication, there is no need to worry. This error usually occurs when you are connecting to a server with a newer operating system such as Ubuntu 22. The reason for this error is that the SHA RSA 1 algorithm used for key generation by DeployBot is no longer supported in newer Linux systems.

Fortunately, you can easily resolve this issue by adding the following line to /etc/ssh/sshd_config :

PubkeyAcceptedAlgorithms +ssh-rsa

After adding this line, you will need to restart the SSH service. Once you have done this, any SSH connections with that key type will be accepted.

However, we recommend that you consider updating the SSH key on your project to a newer type for better security. DeployBot will allow the generation of ED25519 keys by default, which is a more modern and widely accepted algorithm in newer operating systems (it's under development). For existing projects that have been created previously, you can contact support to update them with the newer algorithm (will be released soon).

We hope this information helps you resolve the issue and secure your SSH connections. If you have any further questions or concerns, please do not hesitate to reach out to us.

Allow Password Authentication from certain IPs


The other option would be to change the file etc/ssh/sshd_config again, and allow password authentication but only for certain IPs, which we will whitelist, like this:

PasswordAuthentication no
Match Address 192.168.1.0/24
    PasswordAuthentication yes
Match Address 2001:470:1f0b:915::/64
    PasswordAuthentication yes

DeployBot IPs can be found here: https://support.deploybot.com/article/96-ips-and-ports-for-firewall-setup


Disable EC2 Instance Connect on AWS

If you are using an instance on AWS, something that it was causing some issues was that the SSH keys are checked against another file (ec2-instance-connect/eic_run_authorized_keys), so it should be disabled to avoid issues. More info here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect.html

Still need help? Contact Us Contact Us