Perl programmer for hire: download my resume (PDF).
John Bokma's Hacking & Hiking

Fixing Skipping ssh-dss key ... not in PubkeyAcceptedKeyTypes

April 2, 2019

Yesterday I switched the remote for the tumblelog repository to SSH. I used originally, by accident, HTTPS but prefer SSH:

$ git remote -v
origin	https://github.com/john-bokma/tumblelog.git (fetch)
origin	https://github.com/john-bokma/tumblelog.git (push)

So I used git remote set-url to change the URL of the remote:

git remote set-url origin git@github.com:john-bokma/tumblelog.git

And verified the command had executed correctly using git remote -v:

$ git remote -v
origin	git@github.com:john-bokma/tumblelog.git (fetch)
origin	git@github.com:john-bokma/tumblelog.git (push)

And done. Or so I thought, because git push -u origin master reported:

Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Next, I checked what went wrong using the following command:

ssh -vvv git@github.com

In this very verbose output I found the following line:

debug1: Skipping ssh-dss key /home/john/.ssh/id_dsa - not in PubkeyAcceptedKeyTy
pes

After a Google search with the above error message I learnt that OpenSSH 7.0 disables ssh-dss keys by default. Because it was already late I decided to fix things the next day.

Today, I verified the version of ssh I use on an older version of Ubuntu:

$ ssh -V
OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g  1 Mar 2016

So this really seems to be the cause for this issue. Or better, I using a weak key type. Which I fixed by creating a new, stronger, key pair:

Edit I originally used a key pair that's also considered not strong enough. Thank you Gert van Dijk for pointing this out to me. The much stronger version is:

ssh-keygen -o -a 100 -t ed25519 -C "contact@johnbokma.com" \
  -f ~/.ssh/john-bokma-github

Note: use your github email account in the comment argument to the -C option.

Next, I copied the public key, john-bokma-github.pub, to the clipboard using cat to display it in the terminal and selecting and copying all the lines shown by cat.

cat ~/.ssh/john-bokma-github.pub

The I went to GitHub settings and selected "SSH and GPG keys". I deleted the old, weak, key and added the new one by clicking "New SSH Key" and pasting the public key I copied to the clipboard earlier on.

Next, I added an entry to ~/.ssh/config as follows:

Host github.com
     IdentityFile ~/.ssh/john-bokma-github

And finally I tested with a git push:

$ git push -u origin master
Enter passphrase for key '/home/john/.ssh/john-bokma-github':

After entering my passphrase I successfully connected to GitHub.

Related

Thanks to Gert van Dijk for providing the following two links via Twitter: