Hi,

Jeffrey Walton wrote:
> If I am not mistaken, the problem you are experiencing is due to using
> RSA/SHA-1 on the old machine.

Max Nikulin wrote:
> My reading of /usr/share/doc/openssh-client/NEWS.Debian.gz is that ssh-rsa
> means SHA1 while clients offers SHA256 for the same id_rsa key.

Indeed NEWS.Debian.gz links
  PubkeyAcceptedAlgorithms +ssh-rsa
to RSA/SHA1.
This is the explanation why the message does not say that ssh-rsa is
disabled and why the web is so unclear about the ssh-rsa hash algorithm.

So the Debian 12 client really offered the RSA key but not in a way the
Debian 8 server could handle.

The ssh -v messages have a line
  debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5
(I wonder what the string "Debian-5" may mean. The Debian 12 machine has
  debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
So "-5" is not the Debian version.)

NEWS.Debian.gz says
  OpenSSH has supported RFC8332 RSA/SHA-256/512 signatures since release 7.2
  and existing ssh-rsa keys will automatically use the stronger algorithm
  where possible.
So the Debian 8 sshd is too old for a better ssh-rsa handshake and the
connection might have been hijacked since 2022 "for <USD$50K".

------------------------------------------------------------------------

To my luck, this all is just for technical curiosity.

Since the better reputed ssh-ed25519 key of the Debian 12 machine is
accepted by the Debian 8 sshd, I will not use the ssh-rsa key anyways.

After my experiments I commented out the line
  PubkeyAcceptedAlgorithms +ssh-rsa
in ~/.ssh/config of the Debian 12 machine and verified that id_rsa now
again is rejected with
  debug1: send_pubkey_test: no mutual signature algorithm


Have a nice day :)

Thomas
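
Added example, not part of the original message: a small check that reads `ssh -v` output and reports whether an RSA key can be used with SHA-2 signatures against the server, based on the 7.2 threshold and the debug lines quoted above. The function name, the result labels and the sample logs are constructed for illustration.

```python
import re

# First OpenSSH release with RFC 8332 rsa-sha2-256/512, per the NEWS.Debian.gz
# statement quoted in the message above.
RSA_SHA2_SINCE = (7, 2)
REMOTE_RE = re.compile(r"remote software version OpenSSH_(\d+)\.(\d+)")
NO_MUTUAL = "no mutual signature algorithm"

# Constructed sample logs, assembled from the debug lines quoted in the message.
LOG_DEFAULT = """\
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5
debug1: send_pubkey_test: no mutual signature algorithm
"""
# Same session with "PubkeyAcceptedAlgorithms +ssh-rsa" set: no refusal line.
LOG_OVERRIDE = LOG_DEFAULT.replace("debug1: send_pubkey_test: " + NO_MUTUAL + "\n", "")
# Hypothetical newer server, for comparison.
LOG_NEW_SERVER = LOG_OVERRIDE.replace("OpenSSH_6.7p1 Debian-5", "OpenSSH_9.2p1")


def diagnose(ssh_v_output):
    """Classify how an RSA key can be used against the server in `ssh -v` output.

    'rsa-sha2'      server is new enough to verify rsa-sha2-256/512 signatures
    'sha1-rejected' server only knows ssh-rsa (RSA/SHA1) and the client refused it
    'sha1-possible' server only knows ssh-rsa (RSA/SHA1) and no refusal was logged,
                    so an RSA key would authenticate with a SHA-1 signature
    'unknown'       no OpenSSH remote version banner in the output
    """
    match = REMOTE_RE.search(ssh_v_output)
    if match is None:
        return "unknown"
    remote = (int(match.group(1)), int(match.group(2)))
    if remote >= RSA_SHA2_SINCE:
        return "rsa-sha2"
    if NO_MUTUAL in ssh_v_output:
        return "sha1-rejected"
    return "sha1-possible"


if __name__ == "__main__":
    for name, log in [("default", LOG_DEFAULT), ("override", LOG_OVERRIDE),
                      ("new server", LOG_NEW_SERVER)]:
        print(f"{name}: {diagnose(log)}")
```

A result of 'sha1-possible' is the case worth flagging in an audit: the client configuration still permits RSA/SHA1 toward a server that cannot do better.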