Imagine you’re using dropbear-initrd to log in to a server during boot for unlocking the hard disk encryption and you’re greeted with the following error after a reboot:
root@server: Permission denied (publickey).
🤨😓😖 You start to sweat … this looks like extra work you didn’t need right now. You try to remember: were there any updates lately that could have messed up the initrd? … deep breath, lets take it slowly.
First try to get SSH to spit out more details:
$ ssh -vvv server-boot [...] debug1: Next authentication method: publickey debug1: Offering public key: /home/user/.ssh/... RSA SHA256:... explicit debug1: send_pubkey_test: no mutual signature algorithm [...]
That doesn’t seem right … this worked before. The server is running Ubuntu 20.04 LTS and I’ve just upgraded my work machine to Ubuntu 22.04 LTS. I know that Dropbear doesn’t support ed25519 keys (at least not on the version on the server), that’s why I still use RSA keys for that. 🤔
Time to ask the Internet, but all the posts with a “no mutual signature algorithm” error message are years old … but most of them were circling around the SSH client having deprecated old key types (namely DSA keys). 😯
Can it be that RSA keys have also been deprecated? 😱 … I’ve recently upgraded my client machine 😶 … no way! … well, yes! That was exactly the problem.
Allowing RSA keys in the connection settings for that server allowed me to log in again 😎:
But this whole detour unnecessarily wasted an hour of my life. 😓