petru

Unable to ssh into the Rhel9 server. Error message: ssh-rsa algorithm is disabled

Recently I encountered the following issue when trying to login to a Linux server running Redhat Enterprise Linux 9.

Issue description

I cannot log in via SSH to a Linux server running Redhat Enterprise Linux 9 (Rhel9).

pgulian@Petrus-MacBook-Pro ~ % ssh petru@172.16.10.102     
petru@172.16.10.102's password: 
Permission denied, please try again.
petru@172.16.10.102's password: 
Permission denied, please try again.
petru@172.16.10.102's password: 
petru@172.16.10.102: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
pgulian@Petrus-MacBook-Pro ~ %

Trobleshooting

  • I checked the SSH configuration. I compared it with another server which is running Rocky Linux 9. Both servers have the same SSH configuration. I am able to log in via the SSH on Rocky Linux, but not on Rhel9. I used post servers in the past and was able to login to both of them via SSH.
  • I checked the logs on the Redhat Enterprise Linux 9 (Rhel9) and I found some clues there.
Aug  2 14:05:52 rhel92 sshd[925]: main: sshd: ssh-rsa algorithm is disabled
ssh-rsa algorithm is disabled

I did some research and found this KB from Redhat: https://access.redhat.com/solutions/6966079

Root Cause

I encountered the issue because SHA1 is disabled in Rhel 9.

Solution

  1. To fix the issue you will need to enable the SHA1. 
[sudo] password for petru: 
Setting system policy to DEFAULT:SHA1
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
[petru@rhel92 ~]$

2. Reboot your system.

[petru@rhel92 ~]$ shutdown -r now

3. Confirm that SHA1 was enabled.

[petru@rhel92 ~]$ sudo update-crypto-policies --show
[sudo] password for petru: 
DEFAULT:SHA1
[petru@rhel92 ~]$

4. Check if you are able to connect to the system via SSH.

[petru@rocky9 ~]$ ssh petru@172.16.10.102
petru@172.16.10.102's password: 
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Fri Aug  2 14:31:40 2024 from 172.16.10.121
[petru@rhel92 ~]$

By clicking submit, you agree to share your email address with the site owner and Mailchimp to receive marketing, updates, and other emails from the site owner. Use the unsubscribe link in those emails to opt out at any time.

Processing…
Success! You're on the list.

Leave a Reply