https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-9-4-SSH-Public-Key-Access-Broken-key-type-ssh-rsa-not-in/m-p/147637#M32844 <P><a href="https://community.netapp.com/t5/user/viewprofilepage/user-id/53461">@parkea2</a>&nbsp;&nbsp;Let me know if you are still looking for the solution, i will help you find an expert who can answer to your query.</P> Tue, 02 Apr 2019 07:52:32 GMT RajeshPanda 2019-04-02T07:52:32Z https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-9-4-SSH-Public-Key-Access-Broken-key-type-ssh-rsa-not-in/m-p/146898#M32690 <P>One of my powers users as role based restricted access to the FAS using a ssh-rsa 2048 public key only. &nbsp; This previously worked&nbsp;OK we started at ONTAP 9.1, then 9.2 and &nbsp;until recently was &nbsp;on 9.3P4 all working OK for about 2 years.</P> <P>&nbsp;</P> <P>The Problem:</P> <P>The user can nolonger access the FAS using the pubkey. &nbsp;I suspect but I &nbsp;cannot be certain this broke when we updated to</P> <P>9.4.P3 in December 2018. &nbsp;The error is: &nbsp;key type ssh-rsa not in PubkeyAcceptedKeyTypes . &nbsp; I also tried a new key ssh-ed25519 both have the same error. &nbsp;See below:</P> <P>--------------</P> <P>00000018.001cc78e 0dcc3fa7 Sat Mar 02 2019 12:04:13 +00:00 [auth_sshd:info:8218] userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth]<BR />00000018.001cc78f 0dcc3fa7 Sat Mar 02 2019 12:04:13 +00:00 [auth_sshd:info:8218] userauth_pubkey: key type ssh-ed25519 not in PubkeyAcceptedKeyTypes</P> <P>--------------</P> <P>The ssh keys are good, I checked the fingerprint at both end and tested to other servers (Linux / AIX) both worked with the keys OK. &nbsp; Also SSH password based access to the FAS works fine. &nbsp;The MFA second authentication method is set to none.&nbsp;</P> <P>&nbsp;</P> <P>Question:</P> <P>1) As anybody seen this before. &nbsp;I am struggling to get any good hits googling using the error message for ONTAP.</P> <P>&nbsp; &nbsp; Linux hits indicate sshd_config can be updated to allow key types removed at later SSH 7.x levels. For example to</P> <P>&nbsp; &nbsp;allow ssh-dss which was removed from the defaults at openssh 7.x.</P> <P>2) I cannot see any means of querying or modifying the ONTAP (FAS) settings for&nbsp;PubkeyAcceptedKeyTypes.</P> <P>&nbsp;</P> <P>I am able to log a support ticket via the NETAPP Partner IBM who provide our L1/L2 support before it esculates to NETAPP directly via IBM if they cannot resolve it. &nbsp;However I want to ask in the community first and potentially build a stronger testcase to demonstrate the problem.&nbsp;</P> Wed, 04 Jun 2025 12:47:16 GMT https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-9-4-SSH-Public-Key-Access-Broken-key-type-ssh-rsa-not-in/m-p/146898#M32690 parkea2 2025-06-04T12:47:16Z https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-9-4-SSH-Public-Key-Access-Broken-key-type-ssh-rsa-not-in/m-p/147637#M32844 <P><a href="https://community.netapp.com/t5/user/viewprofilepage/user-id/53461">@parkea2</a>&nbsp;&nbsp;Let me know if you are still looking for the solution, i will help you find an expert who can answer to your query.</P> Tue, 02 Apr 2019 07:52:32 GMT https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-9-4-SSH-Public-Key-Access-Broken-key-type-ssh-rsa-not-in/m-p/147637#M32844 RajeshPanda 2019-04-02T07:52:32Z https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-9-4-SSH-Public-Key-Access-Broken-key-type-ssh-rsa-not-in/m-p/147647#M32848 <P>Only got this fully resolved yesterday. It appears a change was made at 9.4 P3 that stops RSA and ED25519 keys</P> <P>from working to the admin SVM. &nbsp;Switching to&nbsp;ECDSA keys resolved the problem.</P> <P>&nbsp;</P> <P>Message seen in log was:</P> <P>00000018.0025399a 0f15eef9 Wed Mar 27 2019 12:14:42 +00:00 [auth_sshd:info:29433] userauth_pubkey: key type ssh-ed25519 not in PubkeyAcceptedKeyTypes [preauth]</P> <P>&nbsp;</P> Tue, 02 Apr 2019 08:09:40 GMT https://community.netapp.com/t5/ONTAP-Discussions/ONTAP-9-4-SSH-Public-Key-Access-Broken-key-type-ssh-rsa-not-in/m-p/147647#M32848 parkea2 2019-04-02T08:09:40Z