When in trouble, ssh -vvvvvv :)

Sakis Kasampalis | Jan 2, 2022 min read

xkcd tar

I was configuring a new server and what’s the first thing that we want to setup when doing that? Passwordless ssh of course.

So after following all required steps, I tried to connect. And it failed (still required a password)… So what do we do in that case?

  • Ensure that the key was copied to the remote machine (e.g. by ssh-copy-id). Yep, looks good.
  • Check all related dir and file permissions of both local and remote computers (.ssh and its contents). All good.

So what the heck is wrong? Let’s run ssh in (max) verbosity using ssh -vvv (3 v is the max, adding more v is just for fun):

debug1: Skipping ssh-dss key .ssh/id_dsa - not in PubkeyAcceptedKeyTypes

Gotcha! The server is properly configured to reject DSA keys, since DSA is deprecated because it is considered insecure.

So what went wrong here? Well, I have both DSA and RSA keys in my .ssh dir, and I copied the wrong key using ssh-copy-id. I should probably get rid of the DSA key completely at some point :)