Solution: SSH Login Error – “no mutual signature supported”

When trying to login with a SSH key generated using the ssh-rsa SHA-1 algorithm, users get a “Permission denied” error.

Error message returned:

sign_and_send_pubkey: no mutual signature supported
user@host: Permission denied (publickey).

OR

debug1: send_pubkey_test: no mutual signature algorithm

Debugging

Enable verbose SSH logging:

"ssh -vvvv"

Why this happens

RSA SHA-1 is being rapidly phased out due to security concerns and is now being blocked by many operating systems and SSH clients.

Solution

1) Recommended: SSH login using a different algorithm such as rsa-sha2-256:

ssh -o PubkeyAcceptedKeyTypes=rsa-sha2-256 -i my_ssh_pub_key.pem user@host

2) Not Recommended: Re-enable support for ssh-rsa algorithm:

Not recommended as it will have security implications.

Re-enable ssh-rsa support by inserting the following line into the affected SSH client’s config file (~/.ssh/config) to re-enable this algorithm:

# vim ~/.ssh/config, add the lines at the beginning
Host *
    PubkeyAcceptedKeyTypes=+ssh-rsa
    HostKeyAlgorithms=+ssh-rsa

Useful links:

• https://confluence.atlassian.com/bitbucketserverkb/ssh-rsa-key-rejected-with-message-no-mutual-signature-algorithm-1026057701.html
• https://stackoverflow.com/questions/73795935/sign-and-send-pubkey-no-mutual-signature-supported