Re-enable older RSA ssh keys after upgrading to MacOS Ventura
Edit: updated with a fix for Sequel Ace connection issues too.
Suddenly unable to ssh into servers that you used to? Did you recently knowingly or unknowingly upgrade to MacOS Ventura?
You’ll need to add this to the top of your Mac’s ~/.ssh/config file:
PubkeyAcceptedKeyTypes +ssh-rsa
Without it, you’ll just get a Permission denied (publickey) error.
The underlying problem is that Ventura ships with OpenSSH_9 which disables RSA/SHA1 keys, and the real issue is that the server being ssh-ed into, doesn’t support RSA/SHA256. Upgrading the ssh server itself to one that supports RSA/SHA256 would fix the issue.
More detail in this Stackoverflow question.
Sequel Ace connection issues
You might find that even with that change, Sequel Ace refuses to connect, and you get a giant dialog with debug ssh output:
That’s because Sequel Ace ships with its own default ssh config file which you can edit /Applications/Sequel Ace.app/Contents/Resources/ssh_config, add PubkeyAcceptedKeyTypes +ssh-rsa to the top of the file, save and then restart Ace. Or, more correctly, you can point Sequel Ace at your own ~/.ssh/config using Sequel Ace → Preferences → Network → SSH config
as this issue on github suggests.
All links, in order of mention:
- with a fix: #sequel-ace-connection-issues
- Sequel Ace: https://sequel-ace.com
- MacOS Ventura: https://www.apple.com/macos/ventura/
- Stackoverflow question: https://superuser.com/questions/1749364/git-ssh-permission-denied-in-macos-13-ventura
- issue on github: https://github.com/Sequel-Ace/Sequel-Ace/issues/1592
Recent posts:
- Patch for aarch64 (aka arm64) openssl 1.0.2 'relocation R_AARCH64_PREL64 against symbol OPENSSL_armcap_P error'
- TIL: the `NO_COLOR` informal standard to suppress ANSI colour escape codes
- Copy the contents of a branch into an existing git branch without merging
- Adding search to a static Jekyll site using pagefind
- asdf, python and automatically enabling virtual envs