"Server refused our key" Only from MobaXterm bookmark setup
Solution 1:
This is caused by OpenSSH 8.8 disabling RSA signatures using the SHA-1 hash algorithm:
This release disables RSA signatures using the SHA-1 hash algorithm by default. This change has been made as the SHA-1 hash algorithm is cryptographically broken, and it is possible to create chosen-prefix hash collisions for <USD$50K
(see OpenSSH 8.8 - Potentially-incompatible changes).
You can also see the corresponding message in your provided log:
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
The functionality of these old keys can be restored by adding PubkeyAcceptedKeyTypes +ssh-rsa
to /etc/ssh/sshd_config
and restarting sshd. This however should only be treated as a temporary solution to replace the keys with ones using more modern and secure algorithms like Ed25519 (see ArchWiki - SSH keys - Ed25519) due to the security implications.
It seems the reason why they key is working from the terminal is a more recent implementation of the SSH protocol (compared to the one used in MobaXterm) which automatically uses SHA-256/512 instead of SHA-1 with these old keys. I was not able to verify this, but according to OpenSSH 8.8 - Potentially-incompatible changes:
[...] existing ssh-rsa keys will automatically use the stronger algorithm where possible.