I was configuring a new server and what’s the first thing that we want to setup when doing that? Passwordless ssh of course.
So after following all required steps, I tried to connect. And it failed (still required a password)… So what do we do in that case?
- Ensure that the key was copied to the remote machine (e.g. by
ssh-copy-id). Yep, looks good. - Check all related dir and file permissions of both local and remote computers (
.sshand its contents). All good.
So what the heck is wrong? Let’s run ssh in (max) verbosity using ssh -vvv (3 v is the max, adding more v is just for fun):
…
debug1: Skipping ssh-dss key .ssh/id_dsa - not in PubkeyAcceptedKeyTypes
…Gotcha! The server is properly configured to reject DSA keys, since DSA is deprecated because it is considered insecure.
So what went wrong here? Well, I have both DSA and RSA keys in my .ssh dir, and I copied the wrong key using ssh-copy-id. I should probably get rid of the DSA key completely at some point :)