Ubuntu 20.04 to 22.04 upgrade issue

[bobbydank]

I upgraded a server from Ubuntu 20.04.4 LTS to 22.04.1 LTS. I have a configuration that worked before the upgrade and now does not work. It throws this fatal error when I try to connect:

All configured authentication methods failed.

The server is an EC2 server, and I use the AWS-generated key to SSH in. I can still SSH from the Mac terminal, and I can connect using Filezilla. So other connection methods work from my computer.

Here is a copy of my .sftp config file:

{
    "name": "My Server", 
    "host": "**redacted**", 
    "protocol": "sftp", 
    "port": 22, 
    "username": "ubuntu",
    "remotePath": "**redacted**", 
    "uploadOnSave": true, 
    "privateKeyPath": "/Users/**redacted**/.ssh/**redacted**.pem"
}

The error is fatal, so I don't have any errors to go by. Ideas? Is anyone else having this issue?

[altrusl]

Yes, i have similar issue on AWS EC2 Ubuntu 22.04.1 LTS

Newly generated AWS private key converted to ppk does not work (pem neither) With ppk private key on Windows 10 i get "No supported authentication methods available" The same key does not work on Putty 0.70, BUT does work on latest stable Putty 0.77 Newly generated with puttyget keypairs work with Putty 0.77 but not with the vscode-sftp

So i guess that's something new on Ubuntu/AWS which mismatches the extension SSH algorithmes/formats

Update: When i use generated ppk file from pem with new Puttygen, vscode-sftp extensions gives me "Cannot parse privateKey: Unsupported key format" error

Update2: I checked some other key pairs (generated 2 years ago with old Putty and used on Ubuntu 20) They all work with Putty and Xshell, and dont work with vscode-sftp extension connecting to Ubuntu 22.04.1 LTS on AWS EC2

[b34rduck]

Same here after upgrading from 20.04 to 22.04.

I noticed in the logs on my remote server:

sshd[3520636]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

It seems like Ubuntu 2204 latest sshd server dropped support for ssh-rsa. I tried using "algorithms" in the docs and removing ssh-rsa but it didn't seem to work.

A temporary workaround could be editing /etc/ssh/sshd_config and adding back support by adding:

PubkeyAcceptedKeyTypes +ssh-rsa

However this is not secure

[altrusl]

PubkeyAuthentication yes PubkeyAcceptedKeyTypes=+ssh-rsa

Adding this to /etc/ssh/sshd_config didn't help me

[b34rduck]

Are you seeing "userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms" in your /var/log/auth.log when you are trying to connect? That is what I was seeing and it went away after I added PubkeyAcceptedKeyTypes=+ssh-rsa and restarted sshd

Also im sure you did but after editing a service sshd restart is needed

[altrusl]

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

yes, that's what i see in auth.log and i restarted the sshd

[altrusl]

This workaround does not work all the time as can be seen from this discussion

[Natizyskunk]

Please try to generate a new key-pair on the server using ssh-keygen. Then you should be able to connect again.

[altrusl]

I tried two times but unexpectedly with that public key in authorized_keys file the AWS EC2 instance becomes unreachible I have lost a lot of time with remounting the volume to another instance and deleting that key...

[Natizyskunk]

@altrusl, Sorry to hear that 😕 I'll keep an eye on this issue and let you know whenever it's fixed.

[altrusl]

I'm used to your extension so I downgraded to ubuntu 20. But, yes, it's a pity that it doesn't work...

[laubsterboy]

Since ssh-rsa is no longer accepted, I had to generate a new ssh key pair using EdDSA (ssh-keygen -t ed25519) instead of the standard RSA, added the public key to my authorized_keys it's working for me.

[bobbydank]

I'm used to your extension so I downgraded to ubuntu 20. But, yes, it's a pity that it doesn't work...

I made a temporary SSH user and allowed password login until the issue is resolved. Not ideal, but works as a temporary solution.

[Natizyskunk]

As @jmcpheters explain it in his comment on the issue #188. You can try this :

One of the first things I tried when troubleshooting was to use a new key pair, but I generated it using the AWS default of RSA.

I tried a new ED25519 key pair and I can connect no problem.

Problem resolved. Yeah!

Please let me know if it work.

[n00bster]

hi, i have as it looks more or less the same issue. visual studio + vscode-sftp [pre-v1.16.2] + new RSA or ED25519 key pair's gives me since weeks this message "Cannot parse privateKey: Unsupported key format"

does anyone have a working workaround?

[WypSteurSX]

As @jmcpheters explain it in his comment on the issue #188. You can try this :

One of the first things I tried when troubleshooting was to use a new key pair, but I generated it using the AWS default of RSA. I tried a new ED25519 key pair and I can connect no problem. Problem resolved. Yeah!

Please let me know if it work.

Hi ! Didn't work for me, still have "Cannot parse privateKey: Unsupported key format" i use Ubuntu 20.04.6 LTS. I have tried ed25519 but didn't work on 1.16.3, tried to downgrade to 1.16.1 but still doesn't work. Anybody have an idea on how to resolve this?

Edit : Solved by downgrading putty format key version 3 to version 2. (In putty Key>parameters for saving key files> check version 2 for ppk file version)