SSH keys are no longer working after upgrading to Ubuntu 16.04.LTS – Help!

I recently upgraded one of my laptops to Ubuntu 16.04.LTS (going from 14.04.LTS). The upgrade went very smooth and I have no issues with the resulting operating environment 🙂 Having said that, I quickly discovered a quite serious issue for me when I attempted connecting to one of many servers I need to get into. All of a sudden, my SSH key was no longer accepted by the server, and I was prompted for a password! WTF!?

I immediately feared the worst and started looking at the server(s), tailing log files, enabling debugging, etc. No trace was to be found other than that no key was presented by the client. The servers were intact, the authorized_keys had not been compromised, and vanilla ice cream was still the number one flavor. The problem is not with Ubuntu 16.04.LTS. The problem is with my SSH key, as well as a recent change in “acceptable keys” by OpenSSH, version 7.

Doing “ssh -vvv user@server.com” told me that the SSH client couldn’t find an acceptable key to present to the server. After having figured that out, and facepalming for a few seconds, I added this to my /etc/ssh/ssh_config file:

PubkeyAcceptedKeyTypes=+ssh-dss

Saved the file and tried again. Voila! One could say many things about using this type of SSH key, but rest assured I will change mine. You should too if you run into this problem. This is a workaround, not a fix or a solution. So sit down with some vanilla ice cream (with actual vanilla) and something nice to drink and go through the process of replacing your public SSH keys everywhere.

, , , , ,

15 Responses to SSH keys are no longer working after upgrading to Ubuntu 16.04.LTS – Help!

  1. howie 19-Aug-2016 at 15:30 #

    Thank you!! This was freaking me out — now solved.

  2. Motu Patlu Games 22-Aug-2016 at 11:30 #

    Do they work with Ubuntu 14.xx?

    • joho 26-Aug-2016 at 13:39 #

      It’s not really the Ubuntu distribution that causes the problem, it’s which keys are by default supported by the SSH server. I didn’t have any issues after upgrading to 14.04. My problems with SSH keys started after the 16.04 upgrade.

  3. Adamsko 25-Aug-2016 at 01:08 #

    Your post described the exact solution for my problem after an update… Thanks!

  4. Bram 28-Aug-2016 at 23:24 #

    I don’t have /etc/ssh_config file.
    Did you mean /etc/ssh/ssh_config perhaps?
    I have the latter, but the settings in that file seem to have a different format, without the = character.

    • joho 29-Aug-2016 at 10:09 #

      Thank you, yes, of course I mean /etc/ssh/… 🙂 My bad. I have corrected the initial post.

  5. Miguel 12-Sep-2016 at 14:02 #

    Thank you! I updated a couple of days ago and every time using Unison, SVN, etc… I’ve had to introduce the password.

    One positive thing from this issue… I’m going to remember very well for a long time my pass 🙂

    • joho 01-Nov-2016 at 12:02 #

      Glad it worked out for you. Keys are (of course) a much beter mechanism than passwords, until you misplace them or something else happens 🙂

  6. Tobi Schulz 29-Oct-2016 at 11:50 #

    You saved my life.
    I have 160 VPS boxes that all are only accessible through public key. I was banging my head on the table for hours until I found your solution.
    And yes – I will certainly change the keys against something more solid but that’s going to take days….. 🙂

    • joho 01-Nov-2016 at 12:03 #

      160 boxes, ouch! I can imagine the “kernel panic” 🙂 Glad it worked out for you, and do change those keys!

  7. Sena 24-Mar-2017 at 04:33 #

    Thank You! It solved my problem after update to ubuntu 16

    • joho 26-Mar-2017 at 09:49 #

      I’m glad to hear that. Now, don’t forget to upgrade your keys 🙂

  8. Tony 30-Mar-2017 at 20:48 #

    After reading your posts, I hoping you might be able to explain what I am experiencing.
    I have a test software on a windows machine accessing a linux box (Ubuntu 14.04). The linux would then ssh into remote unit running linux.
    The command was sshpass -p “password” ssh “user”@xxx.xxx.xxx.xxx
    this was working just fine but now for some reason the remote box is rejecting access.
    The only way to access now is by dropping the “user@”. Then everything works.
    I’m trying to understand what happened as I don’t want to change code in all the various test software.
    Hope you can help
    Tony

    • joho 13-Apr-2017 at 07:39 #

      Have you tried enabling debug logging on all sides to see what’s going on? It sounds like a key/user mismatch issue, or possibly a key algorithm issue.

  9. gustavog 11-Aug-2017 at 19:00 #

    Great, I solved this problem.

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Powered by WordPress. Designed by WooThemes