Hi, i still have network access to a Debian 8 system, to which i logged in from Debian 11 via ssh and a ssh-rsa key. After the upgrade to Debian 12 ssh fails with this public key authentication. The probably relevant messages from a run of ssh -vvv are:
debug1: Offering public key: /home/.../.ssh/id_rsa RSA SHA256:... debug1: send_pubkey_test: no mutual signature algorithm To my luck, the old sshd already supports ssh-ed25519 and i was able to add the content of the Debian 12 id_ed25519.pub to the Debian 8 file .ssh/authorized_keys2 . Now ssh to the Debian 8 machine works again. But i find this error message "no mutual signature algorithm" strange. The Debian 12 ssh client is obviously willing to try ssh-rsa. The Debian 8 sshd accepted that key from Debian 11. Why not from 12 ? In https://www.openssh.com/releasenotes.html i find for 9.2 or older only a RequiredRSASize directive of which man sshd_config says the default is 1024. The ssh-rsa key was generated by Debian 10. man ssh-keygen of buster says the default of option -b with RSA was 2048. (Does anybody know how to analyze a key file in regard to such parameters ?) In the web i find the reverse problem, i.e. older machine cannot ssh to Debian 12, because ssh-rsa would now be disabled by default. Have a nice day :) Thomas
