Paramiko doesn't support rsa-sha2-512 and rsa-sha2-256.

[Dreamsorcerer]

When trying to connect to my server with Paramiko, I just get Authentication failed..
Looking at the server logs, I see:
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth]

The connection works fine using openssh with the same key, so it looks like Paramiko doesn't use rsa-sha2-512/256.

[ploxiln]

see #1520 and #1643

[Dreamsorcerer]

Thanks, just waiting for one of the to be merged then.

[ChristopherRabotin]

Hi there,
I have a similar issue, but I'm not sure my key is RSA2. ssh-keygen says it's 3076: SHA256:... no comment (RSA). Is that an RSA2 key? And if it is, when should we expect these pull requested to be merged and published? Is there anything I can help with to put those through the pipeline?
Thanks

[Dreamsorcerer]

There's technically only one RSA key. The older ssh-rsa means that the handshake with the server uses SHA1, which is not considered secure. The same RSA key can be used with both ssh-rsa and rsa-sha2-* types.

The primary reason to support these, is to ensure we can complete the authentication without using the insecure SHA1 algorithm (which I disable on my servers).

[ChristopherRabotin]

From https://superuser.com/questions/1444319/how-to-check-ssh-key-version-locally, my key is an RSAv2.

[Dreamsorcerer]

I think you misread that. It's talking about an SSHv2 key. Without reading further, my guess is that is a different format for storing the key, it doesn't have any bearing on the type of a key (i.e. it doesn't affect whether it's RSA or not).

[ChristopherRabotin]

You're right, my mistake. I meant to write "SHA2" or "SHA1".