diff --git a/README.md b/README.md index bde11bf..c1f7233 100644 --- a/README.md +++ b/README.md @@ -164,21 +164,22 @@ See the detail information about [SSH login without password](http://www.linuxpr * Change the permissions of `.ssh/authorized_keys2` to 640 ### If you are using OpenSSH + If you are currently using OpenSSH and are getting the following error: ```bash ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey] ``` -Make sure that your key algorithm of choice is supported. -On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under +Make sure that your key algorithm of choice is supported. On Ubuntu 20.04 or later you must explicitly allow the use of the ssh-rsa algorithm. Add the following line to your OpenSSH daemon file (which is either `/etc/ssh/sshd_config` or a drop-in file under `/etc/ssh/sshd_config.d/`): -``` +```bash CASignatureAlgorithms +ssh-rsa ``` Alternatively, `ed25519` keys are accepted by default in OpenSSH. You could use this instead of rsa if needed: + ```bash ssh-keygen -t ed25519 -a 200 -C "your_email@example.com" ``` @@ -375,7 +376,7 @@ Host FooServer #### Protecting a Private Key The purpose of the passphrase is usually to encrypt the private key. -This makes the key file by itself useless to an attacker. +This makes the key file by itself useless to an attacker. It is not uncommon for files to leak from backups or decommissioned hardware, and hackers commonly exfiltrate files from compromised systems. ```diff @@ -418,25 +419,6 @@ Now you can adjust you config: ls -al ``` -## FAQ - -### Login with an EC2 instance - -See the [solution](https://github.com/appleboy/ssh-action/issues/80#issuecomment-1130407377). Open the following file - -```sh -/etc/ssh/sshd_config -``` - -and add the following configuration - -```sh -PubkeyAuthentication yes -PubkeyAcceptedKeyTypes=+ssh-rsa -``` - -restart the ssh server finally. - ## Contributing We would love for you to contribute to `appleboy/ssh-action`, pull requests are welcome!