The client and server will automatically negotiate, and select the most preferred algorithms that are mutually supported. If any negotiation failed you would get a clear error such as "no matching key exchange method".I'm assuming that these are the encryption methods that the Pi claims to support. Is there a way to force it to use sha2 256, which seems to be supported? I think that sha2 256 bit is different from sha256.
I think you need -vvv to see the key exchange algorithm being used:
Code:
debug1: Offering public key: /home/jojopi/.ssh/id_rsa RSA SHA256:dzO2kg14VDJbNYx4OML5zjAyL9hRODpEOIDwjoaCAxQ agentdebug3: send packet: type 50debug2: we sent a publickey packet, wait for replydebug3: receive packet: type 60debug1: Server accepts key: /home/jojopi/.ssh/id_rsa RSA SHA256:dzO2kg14VDJbNYx4OML5zjAyL9hRODpEOIDwjoaCAxQ agentdebug3: sign_and_send_pubkey: using publickey-hostbound-v00@openssh.com with RSA SHA256:dzO2kg14VDJbNYx4OML5zjAyL9hRODpEOIDwjoaCAxQdebug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:dzO2kg14VDJbNYx4OML5zjAyL9hRODpEOIDwjoaCAxQdebug3: send packet: type 50debug3: receive packet: type 52Authenticated to pi5 ([192.168.30.45]:22) using "publickey".After any failure you should therefore check the logs on the server. In current systems, sudo journalctl -u ssh is the command for that. In old systems, sudo less /var/log/auth.log. I do not remember what is correct for buster.
Code:
May 20 14:20:32 raspberrypi sshd[6296]: Accepted publickey for pi from 192.168.30.16 port 34648 ssh2: RSA SHA256:dzO2kg14VDJbNYx4OML5zjAyL9hRODpEOIDwjoaCAxQStatistics: Posted by jojopi — Tue May 20, 2025 9:01 pm