Re: putty from Windows to FreeBSD 14.0 says "Server refused our key"

From: Lexi Winter <lexi_at_le-fay.org>
Date: Sat, 10 Feb 2024 06:18:16 UTC

Graham Menhennitt:
> I have a box that I recently upgraded to FreeBSD 14.0. It all appears to be
> working ok except for one thing. When I attempt to use Putty on Windows to
> connect to it using SSH, I get an error "Server refused our key" and it
> drops back to password authentication. I have not modified sshd_config from
> the default.
 
> I've used this same key for many years from Putty and from other FreeBSD
> boxes. It still works successfully from FreeBSD 13 to FreeBSD 14, but not
> from Putty to FreeBSD 14.
 
> In auth.log on the FreeBSD 14 box, I can see that it says "userauth_pubkey:
> signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]". So,
> I guess that I could fix this by modifying sshd_config, but I don't
> understand why it works from FreeBSD 13 but not Putty.

according to its documentation, PuTTY does not support RFC8332 RSA/SHA-2
key authentication:

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsa-sha2.html

support for RSA/SHA-1 was removed by default in FreeBSD 14.0, so you
would need to manually re-enable it to connect via PuTTY (as you
discovered).

alternatively, and more securely, you could see if PuTTY can generate
and use ECDSA or ED25519 keys instead, which don't require SHA-1.
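
Before choosing between re-enabling ssh-rsa and moving to ECDSA or ED25519 keys, it helps to know which accounts are hitting the refusal quoted above and then logging in by password. The following is an added example, not part of the original thread: it correlates the two auth.log messages by sshd PID. The function names, the sample log and the standard OpenSSH "Accepted password"/"Accepted publickey" line formats are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Assumption: every log line of one SSH
# session carries the same sshd[PID] tag, so lines can be correlated by PID.

# Reads auth.log lines on stdin and prints "user address count" for logins
# that used a password after an RSA/SHA-1 ("ssh-rsa") signature was refused.
sha1_fallbacks() {
    awk '
    # Return the PID inside the "sshd[PID]:" tag, or "" if the tag is absent.
    function pid_of(line) {
        if (match(line, /sshd\[[0-9]+\]:/) == 0) return ""
        return substr(line, RSTART + 5, RLENGTH - 7)
    }
    /signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms/ {
        p = pid_of($0); if (p != "") refused[p] = 1
        next
    }
    # Another key was accepted in this session, so there was no fallback.
    / Accepted publickey for / { delete refused[pid_of($0)]; next }
    / Accepted password for / {
        p = pid_of($0)
        if (p == "" || !(p in refused)) next
        delete refused[p]              # guard against later PID reuse
        # Line ends: "Accepted password for USER from ADDR port N ssh2"
        for (i = 1; i + 3 <= NF; i++)
            if ($i == "for" && $(i + 2) == "from") {
                count[$(i + 1) " " $(i + 3)]++
                break
            }
    }
    END { for (k in count) print k, count[k] }
    ' | sort
}

# Constructed sample log (host name, users and addresses are made up).
sample_log() {
    cat <<'EOF'
Feb 10 05:58:01 bsd14 sshd[1234]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Feb 10 05:58:07 bsd14 sshd[1234]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
Feb 10 06:01:12 bsd14 sshd[1301]: Accepted publickey for bob from 192.0.2.20 port 50200 ssh2: ED25519 SHA256:EXAMPLE
Feb 10 06:05:30 bsd14 sshd[1377]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Feb 10 06:05:41 bsd14 sshd[1377]: Accepted password for alice from 192.0.2.10 port 50310 ssh2
Feb 10 06:09:02 bsd14 sshd[1402]: Accepted password for carol from 192.0.2.30 port 50411 ssh2
EOF
}

sample_log | sha1_fallbacks    # prints: alice 192.0.2.10 2
```

On a real host, feed it the log instead of the sample, for example `sha1_fallbacks < /var/log/auth.log`.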