DSA Keys in OpenSSH v7+ (Ubuntu 16.04)

I just updated one of my servers and one of my laptops to Ubuntu 16.04. I have had nothing but positive experiences in both the desktop server editions, less one hiccup with my ssh keys.

I have a DSA ssh key I used to authenticate with a number of servers. Ubuntu 16.04 includes OpenSSH 7.2, which has depreciated DSA keys since verion 7.0. This turned out to be inconvient in two respects, ssh client and ssh server.

I first ran into this with the server operating system upgrade. I installed my public DSA key on the server, but was unable to log in without a password. Luckily I didn't disable password login immediatly and tested it first. After some furious Duck Duck Go'ing, I found my key was no longer supported by default the OpenSSH version in Ubuntu 16.04. I could enable it in the config, but decided not to. Rather than enabling it, I generated a new RSA key to use going forward and installed it on the server. Problem solved, no point in fighting the tides.

Later I reinstalled the OS on my netbook with Ubuntu 16.04 desktop. I went clone a repositiory from my GitHub to make a quick change and pull request to an upstream repository. My key wouldnt authenticate. I then tried it againt a server running and older version of Ubuntu, bit it still wouldn't authenticate. Realizing the use of DSA keys must also be depreciated on ssh clients, but still needing to authenticate with servers and services where this key was my only authentication, I figured I would edit the OpenSSH config on my system. This was quite painless thanks to a post I found on the gentoo forums. Create a file ~/.ssh/config and add the contents:

Host *
    PubkeyAcceptedKeyTypes=+ssh-dss

Tags: Ubuntu, ssh, openssh, dsa, rsa, dss

Contact Us To Setup A Meeting

Feel free to call or email anytime to setup a meeting. We would love to discuss your project to see if we can help!

contact us