"Server refused our key" Only from MobaXterm bookmark setup

ssh openssh mobaxterm

Solution 1:

This is caused by OpenSSH 8.8 disabling RSA signatures using the SHA-1 hash algorithm:

This release disables RSA signatures using the SHA-1 hash algorithm by default. This change has been made as the SHA-1 hash algorithm is cryptographically broken, and it is possible to create chosen-prefix hash collisions for <USD$50K

(see OpenSSH 8.8 - Potentially-incompatible changes).

You can also see the corresponding message in your provided log:

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

The functionality of these old keys can be restored by adding PubkeyAcceptedKeyTypes +ssh-rsa to /etc/ssh/sshd_config and restarting sshd. This however should only be treated as a temporary solution to replace the keys with ones using more modern and secure algorithms like Ed25519 (see ArchWiki - SSH keys - Ed25519) due to the security implications.

It seems the reason why they key is working from the terminal is a more recent implementation of the SSH protocol (compared to the one used in MobaXterm) which automatically uses SHA-256/512 instead of SHA-1 with these old keys. I was not able to verify this, but according to OpenSSH 8.8 - Potentially-incompatible changes:

[...] existing ssh-rsa keys will automatically use the stronger algorithm where possible.

Related

What is the cleanest way to do a sort plus uniq on a Python list?
How do I select elements on multiple attribute values
git hunk edit mode - how to remove a '-' line?
javax.net.ssl.SSLException: Read error: ssl=0x9524b800: I/O error during system call, Connection reset by peer
registers vs stacks
Eclipse change project files location
favicon not displayed by Firefox
Visual Studio 2013 or 2015 EditorPackage did not load correctly constantly
What does 'IISReset' do?
Should I use EJB3 or Spring for my business layer?
How do you fix a bug you can't replicate?
How to import svn branches and tags into git-svn?