userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms

At Qxf2, we initially set up some of our applications on Lightsail instances running Ubuntu 18.0. Recently, we decided to migrate these instances to AWS EC2. As part of this process, we also upgraded the Ubuntu operating system from 18.0 to 22.0.

We regularly back up the database of one of the applications hosted on the Lightsail instance using a scheduled GitHub workflow. This GitHub Action downloads the database dump file via SCP and uploads it to an S3 bucket. However, after the migration, we encountered an issue with the step that connects to the instance over SSH. The error message displayed was: “userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms”. This error indicated that the ssh-rsa algorithm was no longer supported.

Upon researching this issue, I discovered that the reason for this deprecation is that the RSA SHA-1 algorithm used for key generation is no longer considered secure. This algorithm is being phased out across various operating systems and SSH clients due to security vulnerabilities.

Solution:

As I stated in the paragraph above, I found the solution after googling. I used a more modern and secure key type, “ed25519”, to generate a key pair, which provided the solution needed to restore seamless SSH access. I generated the key pair on Ubuntu 22.04 using the command below:

 ssh-keygen -t ed25519

Generating and applying ED25519 keys resolved the issue. After setting up these new keys, a thorough round of testing was conducted to confirm that the SSH access was now working seamlessly. This meant that the previously troublesome step, which had caused issues before, now ran smoothly. Consequently, the database backup operation was successfully executed, securely landing in the AWS S3 bucket.
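
To see which users and source addresses are still presenting a rejected key type after a migration like this one, the server's sshd log can be searched for the error message quoted above. The script below is an added example, not part of the original post; it joins each error line to the peer line logged under the same sshd PID, and the sample log lines, host name, users and addresses in it are constructed.

```shell
#!/bin/sh
# Added example: list user/source pairs that hit the rejected-key-type error.
# sshd logs the error and the peer on separate lines sharing one "sshd[PID]:".

rejected_keytype_peers() {
    awk '
    {   # Find the sshd[PID]: token; ignore lines from other daemons.
        pid = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^sshd\[[0-9]+\]:$/) { pid = $i; break }
        if (pid == "") next
    }
    /userauth_pubkey: key type [^ ]+ not in PubkeyAcceptedAlgorithms/ {
        # Remember the rejected key type for this connection.
        for (i = 1; i < NF; i++)
            if ($i == "type") { keytype[pid] = $(i + 1); break }
        next
    }
    /authenticating user/ && (pid in keytype) {
        # Peer line for the same PID: "... authenticating user USER ADDR port N".
        for (i = 1; i < NF - 1; i++)
            if ($i == "user") {
                count[$(i + 1) " " $(i + 2) " " keytype[pid]]++
                break
            }
        delete keytype[pid]   # PIDs get reused; forget this connection.
    }
    END { for (k in count) print k, count[k] }
    ' "$@" | sort
}

# Constructed sample log (made-up host, PIDs and users; documentation addresses).
sample_log() {
    cat <<'EOF'
Apr 25 10:12:01 app1 sshd[4101]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Apr 25 10:12:01 app1 sshd[4101]: Connection closed by authenticating user ubuntu 203.0.113.5 port 51234 [preauth]
Apr 25 10:13:40 app1 sshd[4107]: Accepted publickey for ubuntu from 198.51.100.7 port 40022 ssh2: ED25519 SHA256:CONSTRUCTED-FINGERPRINT
Apr 26 02:00:03 app1 sshd[5220]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Apr 26 02:00:03 app1 sshd[5220]: Connection closed by authenticating user ubuntu 203.0.113.5 port 51990 [preauth]
Apr 26 02:05:11 app1 sshd[5231]: Connection closed by authenticating user deploy 192.0.2.44 port 33010 [preauth]
EOF
}

# Output columns: user, source address, rejected key type, number of attempts.
sample_log | rejected_keytype_peers
```

On an Ubuntu server, pass the log file as an argument instead of the sample, for example `rejected_keytype_peers /var/log/auth.log`.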

Conclusion:

The migration from Lightsail to AWS EC2 brought unexpected challenges, particularly with the change in SSH key compatibility. The RSA SHA-1 algorithm, previously used for key generation, was no longer supported in Ubuntu 22.04 due to security concerns. This led us to adopt the more secure ed25519 key type, which resolved the issue. Remember, if you encounter similar problems, generating a new key pair using the ed25519 key type can help restore seamless SSH access. This experience emphasizes the importance of staying updated with security best practices and adapting to new technologies for a smoother operational transition.


