[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The key algorithm 'ssh-rsa' is not allowed in V 0.10.4


Hi

On 5/21/25 09:44, Jakub Jelen wrote:
Hi,
the strace does not show much what libssh does.

It just confirms the check is failing locally, without sending the public key to server. But the signature algorithm depends on the extensions negotiated during key exchange, which should be logged in verbose log.

I meant setting the log level using something like this:

int verbosity = SSH_LOG_TRACE;
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);

Ah sure, but you don't need strace to read the log ;) I disabled it on purpose so you see the essential filehandling...

Here you go again (attached).

It is also possible that the global configuration from cryptographic policies overrides the `SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES`. The strace log shows that the OpenSSH configuration is read before connecting:

openat(AT_FDCWD, "/etc/crypto-policies/back-ends/openssh.config", O_RDONLY) = 5

This file does not have the ssh-rsa (SHA1) mechanisms in accepted types:

$ cat /etc/crypto-policies/back-ends/openssh.config | grep ssh-rsa

If this is the case, is there a option to keep libssh from reading systemwide configs? In my case that would be neater than enabling SHA for the whole system...

But as far as I remember, the RHEL9 versions of OpenSSL and OpenSSH were not very pedantic so I think the OpenSSH is using the SHA1 anyway if the server does not advertise the SHA2 variants while libssh does not.

Looking at the RHEL9 sources, I see the + sign was backported so sorry for the confusion in the previous email.

That explains why I didn't get the error "algorithm not known" (or alike) on RHEL..

Cheers
Till

On Tue, May 20, 2025 at 8:56 PM <g4-lisz@xxxxxxxxxxxx> wrote:

    Hi Jakub,

    I run this little program (see below). There was only the output
    "Authentication failed: The key algorithm 'ssh-rsa' is not allowed
    to be used by PUBLICKEY_ACCEPTED_TYPES configuration option"

    So ssh_options_set() was successful.
    I attached the strace output. This will probably not go to the
    list but you will see it...

    Cheers
    Till

    #include <stdio.h>
    #include <libssh/libssh.h>

    int main() {
    ssh_session session;
    int rc;
    const char *hostname = "10.10.10.10";
    const char *keyfile = "/home/useruser/id_rsa";
    int port = 2222;

    session = ssh_new();
    if (session == NULL) {
    fprintf(stderr, "Failed to create SSH session\n");
    return 1;
    }

    //ssh_set_log_level(SSH_LOG_PACKET);
    ssh_set_log_level(0);
    if (ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
    "ssh-rsa,rsa-sha2-256,rsa-sha2-512") < 0) {
    fprintf(stderr, "ssh_options_set failed: %s\n",
    ssh_get_error(session));
    }
    ssh_options_set(session, SSH_OPTIONS_HOST, hostname);
    ssh_options_set(session, SSH_OPTIONS_PORT, &port);
    ssh_options_set(session, SSH_OPTIONS_IDENTITY, keyfile);

    rc = ssh_connect(session);
    if (rc != SSH_OK) {
    fprintf(stderr, "Error connecting to %s: %s\n", hostname,
    ssh_get_error(session));
    ssh_free(session);
    return 1;
    }

    rc = ssh_userauth_publickey_auto(session, NULL, NULL);
    if (rc != SSH_AUTH_SUCCESS) {
    fprintf(stderr, "Authentication failed: %s\n",
    ssh_get_error(session));
    ssh_disconnect(session);
    ssh_free(session);
    return 1;
    }

    printf("Connected and authenticated with key!\n");

    ssh_disconnect(session);
    ssh_free(session);
    return 0;
    }


    May 20, 2025 2:15 PM, "Jakub Jelen" <jjelen@xxxxxxxxxx
    <mailto:jjelen@xxxxxxxxxx?to=%22Jakub%20Jelen%22%20%3Cjjelen@xxxxxxxxxx%3E>>
    wrote:

        Hi,
        the libssh 0.9.7 should support SHA2 with RSA already so it
        might be there is some bug in the client not correctly
        detecting this or there is something else in play
        (configuration file forcing the ssh-rsa mechanism?). Do you
        have a full debug log (TRACE) to share (either here or privately)?
        Regarding the test code you shared, the line `
        ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
        "+ssh-rsa");` will most likely fail in 0.10 and older as the +
        sign is not implemented there (and without checking the return
        value we never learn that). You can try without that sign,
        which will allow only this mechanism (which is again not
        recommended as insecure and it will also not work without the
        crypto-policy change on RHEL9).
        Jakub
        On Tue, May 20, 2025 at 1:55 PM <g4-lisz@xxxxxxxxxxxx> wrote:

            Hi Jakub,

            the server is built on libssh V 0.9.7 on Windows using
            MinGW. What would it mean when it supports SHA2 RSA? Would
            this be used as "upgraded" algorithm for ssh-rsa?

            BTW Connecting to the server from RHEL with openssh client
            worked also with crypto policy set do DEFAULT...

            Cheers
            Till

            May 20, 2025 10:34 AM, "Jakub Jelen" <jjelen@xxxxxxxxxx
            <mailto:jjelen@xxxxxxxxxx?to=%22Jakub%20Jelen%22%20%3Cjjelen@xxxxxxxxxx%3E>>
            wrote:

                Hi.
                what is the SSH running on the server? Does it support
                for the SHA2 RSA (rfc8332)? If not, you need to go
                with the suggestion mentioned by Andreas -- changing
                the crypto policies to LEGACY or enabling SHA1 in
                signatures globally.
                If the SSH server supports the RFC 8332, then
                everything should work (unless you force the use of
                SHA1 signatures somewhere in your code).
                Showing the debug log from the connection can give
                more hints.
                Jakub
                On Tue, May 20, 2025 at 9:37 AM Andreas Schneider
                <asn@xxxxxxxxxxxxxx> wrote:

                    On Tuesday, 20 May 2025 02:56:28 CEST
                    g4-lisz@xxxxxxxxxxxx wrote:
                    > Sorry, I missed a few important lines:

                    My guess would be that the crypto policy is
                    preventing the use of SHA-1 and
                    you need to enable it. libssh has support for
                    crypto policies with 0.10.

                    https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/
                    security_hardening/using-the-system-wide-cryptographic-policies_security-
                    <https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security->
                    hardening

                    https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/
                    security_hardening/using-the-system-wide-cryptographic-policies_security-
                    hardening#proc_re-enabling-sha-1_using-the-system-wide-cryptographic-policies
                    <https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#proc_re-enabling-sha-1_using-the-system-wide-cryptographic-policies>


                    > int ssh_key_algorithm_allowed(ssh_session
                    session, const char *type)
                    > {
                    > const char *allowed_list;
                    >
                    > if (session->client) {
                    > ===>> allowed_list =
                    session->opts.pubkey_accepted_types; <<===
                    > if (allowed_list == NULL) {
                    > if (ssh_fips_mode()) {
                    > allowed_list =
                    ssh_kex_get_fips_methods(SSH_HOSTKEYS);
                    > } else {
                    > allowed_list =
                    ssh_kex_get_default_methods(SSH_HOSTKEYS);
                    > }
                    > I.e. it only uses the defaults if
                    session->opts.pubkey_accepted_types is
                    > undefined.
                    >
                    > Back to the beginning. Why doesn't it work? My
                    guess is that Redhat changed
                    > the list of supported methods...
                    >
                    > May 20, 2025 2:44 AM, g4-lisz@xxxxxxxxxxxx
                    (mailto:g4-lisz@xxxxxxxxxxxx)
                    > wrote: I wonder if this is a bug...
                    >
                    > I did some digging in the code (0.10.4).
                    >
                    > The error message "The key algorithm 'ssh-rsa'
                    is not allowed to be used by
                    > PUBLICKEY_ACCEPTED_TYPES" comes from:
                    ssh_userauth_try_publickey(). This
                    > uses:
                    >
                    > auth.c:531: rc =
                    ssh_key_algorithm_allowed(session, sig_type_c);
                    >
                    > But ssh_key_algorithm_allowed() checks again
                    ssh_kex_get_default_methods()
                    >
                    > pki.c:371: allowed_list =
                    ssh_kex_get_default_methods(SSH_HOSTKEYS);
                    >
                    > ssh_kex_get_default_methods() returns a constant
                    list
                    > DEFAULT_PUBLIC_KEY_ALGORITHMS from static const
                    char *default_methods[]
                    > (kex.c:242).
                    >
                    > Therefore ssh_userauth_try_publickey() always
                    returns SSH_AUTH_DENIED if the
                    > algorithm is not in the DEFAULT list.
                    >
                    > How does this make sense? It doesn't respect the
                    additional algorithms added
                    > through the SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES
                    option.
                    >
                    > rsa-ssh would actually be supported. It's in the
                    list supported_methods[] in
                    > kex.c:240. This is used for
                    ssh_keep_known_algos() (kex.c:957) and allows
                    > to set the option to the session (options.c):
                    >
                    > case SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
                    > v = value;
                    > if (v == NULL || v[0] == '') {
                    > ssh_set_error_invalid(session);
                    > return -1;
                    > } else {
                    > if (ssh_fips_mode()) {
                    > p = ssh_keep_fips_algos(SSH_HOSTKEYS, v);
                    > } else {
                    > p = ssh_keep_known_algos(SSH_HOSTKEYS, v);
                    > }
                    > if (p == NULL) {
                    > ssh_set_error(session, SSH_REQUEST_DENIED,
                    > "Setting method: no known public key algorithm
                    (%s)",
                    > v);
                    > return -1;
                    > }
                    >
                    > SAFE_FREE(session->opts.pubkey_accepted_types);
                    > session->opts.pubkey_accepted_types = p;
                    > }
                    >
                    > So what's the sense of allowing to add the
                    algorithm through the option, but
                    > then denying the key because it's algorithm is
                    not in the default list?
                    > IMHO SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES makes
                    no sense this way...
                    >
                    > Cheers
                    > Till
                    >
                    > May 20, 2025 1:48 AM, g4-lisz@xxxxxxxxxxxx
                    (mailto:g4-lisz@xxxxxxxxxxxx)
                    > wrote: Nice hint to use 'strings'. But from the
                    output it's hard to tell.
                    > There are a few appearances: rsa-sha2-512
                    > rsa-sha2-512,rsa-sha2-256,ssh-rsa
                    > ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp384-cert-
                    > v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp256-cert-
                    > v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx),rsa-sha2-512-cert-v01@ope
                    > nssh.com <http://nssh.com>
                    >
                    (mailto:rsa-sha2-512-cert-v01@xxxxxxxxxxx),rsa-sha2-256-cert-v01@xxxxxxxxxx
                    > m
                    >
                    (mailto:rsa-sha2-256-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp521,ecdsa-sha2-n
                    >
                    istp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256
                    > ssh-ed25519-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ssh-ed25519-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp521-cert-v01@open
                    > ssh.com <http://ssh.com>
                    >
                    (mailto:ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp384-cert-
                    > v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp256-cert-
                    > v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx),sk-ecdsa-sha2-nistp256-ce
                    > rt-v01@xxxxxxxxxxx
                    >
                    (mailto:sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx),rsa-sha2-512-cert-v01@
                    > openssh.com <http://openssh.com>
                    >
                    (mailto:rsa-sha2-512-cert-v01@xxxxxxxxxxx),rsa-sha2-256-cert-v01@xxxxxxxxxx
                    > m
                    >
                    (mailto:rsa-sha2-256-cert-v01@xxxxxxxxxxx),ssh-ed25519,ecdsa-sha2-nistp521,
                    >
                    ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@xxxxxxxxxxx
                    >
                    (mailto:sk-ssh-ed25519@xxxxxxxxxxx),sk-ecdsa-sha2-nistp256@xxxxxxxxxxx
                    >
                    (mailto:sk-ecdsa-sha2-nistp256@xxxxxxxxxxx),rsa-sha2-512,rsa-sha2-256
                    >
                    ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,sk-
                    > ssh-ed25519@xxxxxxxxxxx
                    >
                    (mailto:sk-ssh-ed25519@xxxxxxxxxxx),sk-ecdsa-sha2-nistp256@xxxxxxxxxxx
                    >
                    (mailto:sk-ecdsa-sha2-nistp256@xxxxxxxxxxx),rsa-sha2-512,rsa-sha2-256,ssh-r
                    > sa The provided value (%u) for minimal RSA key
                    size is too small. Use at
                    > least 768 bits. Either RSA or DSS must be chosen
                    > ssh-ed25519-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ssh-ed25519-cert-v01@xxxxxxxxxxx),sk-ssh-ed25519-cert-v01@openssh.c
                    > om
                    >
                    (mailto:sk-ssh-ed25519-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp521-cert-v01@o
                    > penssh.com <http://penssh.com>
                    >
                    (mailto:ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp384-cert-
                    > v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp256-cert-
                    > v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx),sk-ecdsa-sha2-nistp256-ce
                    > rt-v01@xxxxxxxxxxx
                    >
                    (mailto:sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx),rsa-sha2-512-cert-v01@
                    > openssh.com <http://openssh.com>
                    >
                    (mailto:rsa-sha2-512-cert-v01@xxxxxxxxxxx),rsa-sha2-256-cert-v01@xxxxxxxxxx
                    > m
                    (mailto:rsa-sha2-256-cert-v01@xxxxxxxxxxx),ssh-rsa-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ssh-rsa-cert-v01@xxxxxxxxxxx),ssh-ed25519,ecdsa-sha2-nistp521,ecdsa
                    >
                    -sha2-nistp384,ecdsa-sha2-nistp256,sk-ssh-ed25519@xxxxxxxxxxx
                    >
                    (mailto:sk-ssh-ed25519@xxxxxxxxxxx),sk-ecdsa-sha2-nistp256@xxxxxxxxxxx
                    >
                    (mailto:sk-ecdsa-sha2-nistp256@xxxxxxxxxxx),rsa-sha2-512,rsa-sha2-256,ssh-r
                    > sa rsa-sha2-256-cert-v01@xxxxxxxxxxx
                    > (mailto:rsa-sha2-256-cert-v01@xxxxxxxxxxx)
                    > rsa-sha2-512-cert-v01@xxxxxxxxxxx
                    > (mailto:rsa-sha2-512-cert-v01@xxxxxxxxxxx)
                    Failed to build RSA public key
                    > The '%s' key of size %d is not allowd by
                    RSA_MIN_SIZE
                    > Failed to build RSA private key
                    > ssh-rsa
                    > ssh-rsa-cert-v01@xxxxxxxxxxx
                    (mailto:ssh-rsa-cert-v01@xxxxxxxxxxx)
                    >
                    > I'm using a minimalistic code now for testing.
                    But still the same result:
                    >
                    > int main() {
                    > ssh_session session;
                    > int rc;
                    > const char *hostname = "10.10.10.10";
                    > const char *username = "user";
                    > const char *keyfile = "/home/user/id_rsa";
                    > int port = 22;
                    >
                    > session = ssh_new();
                    > if (session == NULL) {
                    > fprintf(stderr, "Failed to create SSH sessionn");
                    > return 1;
                    > }
                    >
                    > ssh_set_log_level(SSH_LOG_FUNCTIONS);
                    > ssh_options_set(session,
                    SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, "+ssh-rsa");
                    > ssh_options_set(session, SSH_OPTIONS_HOST,
                    hostname);
                    > ssh_options_set(session, SSH_OPTIONS_PORT, &port);
                    > ssh_options_set(session, SSH_OPTIONS_USER,
                    username);
                    > ssh_options_set(session, SSH_OPTIONS_IDENTITY,
                    keyfile);
                    >
                    > rc = ssh_connect(session);
                    > if (rc != SSH_OK) {
                    > fprintf(stderr, "Error connecting to %s: %sn",
                    hostname,
                    > ssh_get_error(session)); ssh_free(session);
                    > return 1;
                    > }
                    >
                    > rc = ssh_userauth_publickey_auto(session, NULL,
                    NULL);
                    > if (rc != SSH_AUTH_SUCCESS) {
                    > fprintf(stderr, "Authentication failed: %sn",
                    ssh_get_error(session));
                    > ssh_disconnect(session);
                    > ssh_free(session);
                    > return 1;
                    > }
                    >
                    > printf("Connected and authenticated with key!n");
                    >
                    > ssh_disconnect(session);
                    > ssh_free(session);
                    > return 0;
                    > }
                    >
                    > Output:
                    > ssh_userauth_publickey_auto: Trying to
                    authenticate with
                    > /home/remadmin/id_rsa ssh_key_algorithm_allowed:
                    Checking rsa-sha2-512 with
                    > list
                    <ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp384,ecdsa
                    > -sha2-nistp384-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp521,ecdsa
                    > -sha2-nistp521-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx),ssh-ed25519,ssh-ed25519-c
                    > ert-v01@xxxxxxxxxxx
                    >
                    (mailto:ssh-ed25519-cert-v01@xxxxxxxxxxx),rsa-sha2-256,rsa-sha2-256-cert-v0
                    > 1@xxxxxxxxxxx
                    >
                    (mailto:rsa-sha2-256-cert-v01@xxxxxxxxxxx),rsa-sha2-512,rsa-sha2-512-cert-v
                    > 01@xxxxxxxxxxx
                    (mailto:rsa-sha2-512-cert-v01@xxxxxxxxxxx)>
                    > ssh_key_algorithm_allowed: Checking rsa-sha2-256
                    with list
                    >
                    <ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp384,ecdsa
                    > -sha2-nistp384-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp521,ecdsa
                    > -sha2-nistp521-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx),ssh-ed25519,ssh-ed25519-c
                    > ert-v01@xxxxxxxxxxx
                    >
                    (mailto:ssh-ed25519-cert-v01@xxxxxxxxxxx),rsa-sha2-256,rsa-sha2-256-cert-v0
                    > 1@xxxxxxxxxxx
                    >
                    (mailto:rsa-sha2-256-cert-v01@xxxxxxxxxxx),rsa-sha2-512,rsa-sha2-512-cert-v
                    > 01@xxxxxxxxxxx
                    (mailto:rsa-sha2-512-cert-v01@xxxxxxxxxxx)>
                    > ssh_key_algorithm_allowed: Checking ssh-rsa with
                    list
                    >
                    <ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp384,ecdsa
                    > -sha2-nistp384-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx),ecdsa-sha2-nistp521,ecdsa
                    > -sha2-nistp521-cert-v01@xxxxxxxxxxx
                    >
                    (mailto:ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx),ssh-ed25519,ssh-ed25519-c
                    > ert-v01@xxxxxxxxxxx
                    >
                    (mailto:ssh-ed25519-cert-v01@xxxxxxxxxxx),rsa-sha2-256,rsa-sha2-256-cert-v0
                    > 1@xxxxxxxxxxx
                    >
                    (mailto:rsa-sha2-256-cert-v01@xxxxxxxxxxx),rsa-sha2-512,rsa-sha2-512-cert-v
                    > 01@xxxxxxxxxxx
                    (mailto:rsa-sha2-512-cert-v01@xxxxxxxxxxx)>
                    > ssh_userauth_try_publickey: The key algorithm
                    'ssh-rsa' is not allowed to
                    > be used by PUBLICKEY_ACCEPTED_TYPES
                    configuration option
                    > ssh_userauth_publickey_auto: Public key for
                    /home/remadmin/id_rsa refused
                    > by server
                    >
                    > To your last question: I'm simply talking to the
                    libssh mailing list! My
                    > name is Till.
                    >
                    > Cheers
                    >
                    > May 19, 2025 11:59 PM, "Malak Bouaksa"
                    <bouaksamalak@xxxxxxxxx
                    >
                    (mailto:bouaksamalak@xxxxxxxxx?to=%22Malak%20Bouaksa%22%20<bouaksamalak@gma
                    > il.com <http://il.com>>)> wrote: You're
                    absolutely right to be confused — that error message
                    > is really misleading. When libssh says the key
                    was “refused by server,” it
                    > often doesn’t actually mean the server rejected
                    it. In your case, the
                    > message "The key algorithm 'ssh-rsa' is not
                    allowed to be used by
                    > PUBLICKEY_ACCEPTED_TYPES configuration option"
                    shows that it’s the client
                    > itself, not the server, refusing the key. It’s
                    likely that libssh 0.10.4 is
                    > filtering out ssh-rsa internally before it even
                    tries to use it. This is a
                    > new default behavior introduced for security
                    reasons, since ssh-rsa uses
                    > SHA-1, which is considered weak. To allow it,
                    make sure you're calling
                    > ssh_options_set(session,
                    SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, "+ssh-rsa")
                    > (without a space after the plus) before calling
                    ssh_connect(). If you set
                    > it too late, the option won’t take effect. Also
                    consider setting
                    > SSH_OPTIONS_HOSTKEYS to include +ssh-rsa, just
                    in case host key filtering
                    > is also in play. Finally, it’s worth checking
                    whether your system’s libssh
                    > was compiled with ssh-rsa support disabled
                    entirely — some distros remove
                    > it completely. A quick way to test that is by
                    running strings on the libssh
                    > shared library to see if ssh-rsa appears at all.
                    So no, the server probably
                    > isn’t refusing the key — your client just won’t
                    let it be used unless you
                    > configure it properly, and sometimes not even
                    then if it’s compiled out.
                    >
                    > And can I know who is talking to me and how you
                    got my email?
                    >
                    > Thank you and I hope I helped with your problem.
                    > On Mon, May 19, 2025 at 10:14 PM
                    <g4-lisz@xxxxxxxxxxxx
                    > (mailto:g4-lisz@xxxxxxxxxxxx)> wrote: Hi there
                    and thanks for your reply!
                    >
                    > You mean ' ssh-rsa' i.e. without any space? I
                    also tried that, and with a
                    > complete list, too: sh_options_set(session,
                    > SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
                    >
                    "rsa-sha2-256,rsa-sha2-512,ecdh-sha2-nistp256,ssh-rsa"
                    >
                    > Nothing seems to help so far...
                    >
                    > It actually says (with debug log level);
                    > ssh_userauth_publickey_auto:
                    ssh_userauth_publickey_auto: Public key for
                    > /opt/myproxy/.ssh/id_rsa refused by server
                    ssh_userauth_publickey_auto:
                    > Access denied: Tried every public key, none matched
                    > ssh_userauth_publickey_auto Instance #11 failed:
                    The key algorithm
                    > 'ssh-rsa' is not allowed to be used by
                    PUBLICKEY_ACCEPTED_TYPES
                    > configuration option
                    >
                    > The last line comes from ssh_get_error(session):
                    > if(ssh_userauth_publickey_auto(session, NULL,
                    NULL) != SSH_AUTH_SUCCESS) {
                    > tlog_error("ssh_userauth_password Instance #%d
                    failed: %s",
                    > inst->instance_id, ssh_get_error(session)); ...
                    > But why it says: refused by server? Is this just
                    a bad wording? Or is it
                    > really rejected by the peer?
                    >
                    > May 19, 2025 10:19 PM, "Malak Bouaksa"
                    <bouaksamalak@xxxxxxxxx
                    >
                    (mailto:bouaksamalak@xxxxxxxxx?to=%22Malak%20Bouaksa%22%20%3Cbouaksamalak@g
                    > mail.com <http://mail.com>%3E)> wrote: Hey there,
                    >
                    > What you're running into is actually a common
                    issue when jumping from
                    > libssh 0.9.x to 0.10.x. Starting with version
                    0.10, libssh made a
                    > security-related change: it no longer allows the
                    'ssh-rsa' key type by
                    > default because it's based on SHA-1, which is
                    considered weak by modern
                    > cryptographic standards. That’s why everything
                    worked fine with version
                    > 0.9.6, but with 0.10.4 on RHEL9
                    >
                    > That’s why everything worked fine with version
                    0.9.6, but with 0.10.4
                    on
                    > RHEL9 but here’s the catch: the space after the
                    + is messing it up. It
                    > should be: ssh_options_set(session,
                    SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
                    > "+ ssh-rsa"); On Mon, May 19, 2025 at 8:58 PM
                    <g4-lisz@xxxxxxxxxxxx
                    > (mailto:g4-lisz@xxxxxxxxxxxx)> wrote: Hi there,
                    >
                    > I wrote a client (TCP forwarding) that connects
                    to a server which uses
                    > libssh V 0.9.7.
                    >
                    > When I compile the client with 0.9.6 (this is
                    what I get with libssh-dev on
                    > Pop!_OS 22.04) then all works fine.
                    >
                    > However, on RHEL9, libssh-dev brings v0.10.4.
                    And compiled with that version
                    > the client can't connect anymore:
                    >
                    > "ssh_userauth_try_publickey: The key algorithm
                    'ssh-rsa' is not allowed to
                    > be used by PUBLICKEY_ACCEPTED_TYPES
                    configuration option"
                    >
                    > At first I was confused: Who says this? The
                    server? But it accepted the key
                    > when using a client with version 0.9.6. So I
                    tried to add 'ssh-rsa' to the
                    > client's allowed key types:
                    >
                    > if (ssh_options_set(session,
                    SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, "+
                    > ssh-rsa") < 0) { fprintf(stderr,
                    "ssh_options_set failed: %sn",
                    > ssh_get_error(session); }
                    >
                    > ssh_options_set(...) seems to succeed. However,
                    everything else remains the
                    > same. The key algorithm 'ssh-rsa' is not allowed
                    to be used...
                    >
                    > How can this be solved? What is the right way to
                    convince libssh that it can
                    > use public keys of type ssh-rsa?
                    >
                    > The remote account only knows my ssh-rsa public
                    key and this can't be
                    > changed easily. That's why I have to stick with
                    that type...
                    >
                    > Cheers
                    > Till


                    --
                    Andreas Schneider asn@xxxxxxxxxxxxxx
                    GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D



[2025/05/21 13:34:27.590787, 3] ssh_config_parse_file:  Reading configuration data from /etc/ssh/ssh_config
[2025/05/21 13:34:27.593152, 3] local_parse_file:  Reading additional configuration data from /etc/ssh/ssh_config.d/50-redhat.conf
[2025/05/21 13:34:27.593752, 2] ssh_config_parse_line:  line 3: Unsupported Match keyword 'final', skipping
[2025/05/21 13:34:27.594435, 3] local_parse_file:  Reading additional configuration data from /etc/crypto-policies/back-ends/openssh.config
[2025/05/21 13:34:27.595007, 2] ssh_config_parse_line:  Unknown option: GSSAPIKexAlgorithms, line: 3
[2025/05/21 13:34:27.595462, 2] ssh_config_parse_line:  Unknown option: CASignatureAlgorithms, line: 6
[2025/05/21 13:34:27.595836, 2] ssh_config_parse_line:  Unknown option: RequiredRSASize, line: 7
[2025/05/21 13:34:27.596448, 2] ssh_config_parse_line:  Unapplicable option: ForwardX11Trusted, line: 12
[2025/05/21 13:34:27.599300, 2] ssh_connect:  libssh 0.10.4 (c) 2003-2022 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
[2025/05/21 13:34:27.599665, 3] getai:  host 10.10.10.108 matches an IP address
[2025/05/21 13:34:27.600535, 2] ssh_socket_connect:  Nonblocking connection socket: 3
[2025/05/21 13:34:27.600870, 2] ssh_connect:  Socket connecting, now waiting for the callbacks to work
[2025/05/21 13:34:27.601443, 3] ssh_connect:  Actual timeout : 10000
[2025/05/21 13:34:27.601920, 3] ssh_socket_pollcallback:  Received POLLOUT in connecting state
[2025/05/21 13:34:27.602437, 1] socket_callback_connected:  Socket connection callback: 1 (0)
[2025/05/21 13:34:27.603181, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2025/05/21 13:34:27.603965, 3] callback_receive_banner:  Received banner: SSH-2.0-libssh_0.9.7
[2025/05/21 13:34:27.604345, 2] ssh_client_connection_callback:  SSH server banner: SSH-2.0-libssh_0.9.7
[2025/05/21 13:34:27.604644, 2] ssh_analyze_banner:  Analyzing banner: SSH-2.0-libssh_0.9.7
[2025/05/21 13:34:27.607601, 3] ssh_client_select_hostkeys:  Order of wanted host keys: "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256"
[2025/05/21 13:34:27.608765, 1] ssh_known_hosts_read_entries:  Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
[2025/05/21 13:34:27.609206, 3] ssh_client_select_hostkeys:  No key found in known_hosts; changing host key method to "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256"
[2025/05/21 13:34:27.609572, 3] packet_send2:  packet: wrote [type=20, len=900, padding_size=7, comp=892, payload=892]
[2025/05/21 13:34:27.609926, 3] ssh_send_kex:  SSH_MSG_KEXINIT sent
[2025/05/21 13:34:27.610313, 3] ssh_packet_socket_callback:  packet: read type 20 [len=884,padding=9,comp=874,payload=874]
[2025/05/21 13:34:27.610620, 3] ssh_packet_process:  Dispatching handler for packet type 20
[2025/05/21 13:34:27.610968, 2] ssh_kex_select_methods:  Negotiated curve25519-sha256,rsa-sha2-512,aes256-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx,aead-gcm,aead-gcm,none,none,,
[2025/05/21 13:34:27.611859, 3] packet_send2:  packet: wrote [type=30, len=44, padding_size=6, comp=37, payload=37]
[2025/05/21 13:34:27.612518, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2025/05/21 13:34:27.631691, 3] ssh_packet_socket_callback:  packet: read type 31 [len=612,padding=11,comp=600,payload=600]
[2025/05/21 13:34:27.632382, 3] ssh_packet_process:  Dispatching handler for packet type 31
[2025/05/21 13:34:27.633561, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2025/05/21 13:34:27.634140, 3] packet_send2:  packet: wrote [type=21, len=12, padding_size=10, comp=1, payload=1]
[2025/05/21 13:34:27.634969, 3] crypt_set_algorithms2:  Set output algorithm to aes256-gcm@xxxxxxxxxxx
[2025/05/21 13:34:27.635493, 3] crypt_set_algorithms2:  Set HMAC output algorithm to aead-gcm
[2025/05/21 13:34:27.635990, 3] crypt_set_algorithms2:  Set input algorithm to aes256-gcm@xxxxxxxxxxx
[2025/05/21 13:34:27.636496, 3] crypt_set_algorithms2:  Set HMAC input algorithm to aead-gcm
[2025/05/21 13:34:27.637092, 2] ssh_init_rekey_state:  Set rekey after 4294967296 blocks
[2025/05/21 13:34:27.637618, 2] ssh_init_rekey_state:  Set rekey after 4294967296 blocks
[2025/05/21 13:34:27.638153, 2] ssh_packet_client_curve25519_reply:  SSH_MSG_NEWKEYS sent
[2025/05/21 13:34:27.638975, 3] ssh_packet_socket_callback:  packet: read type 21 [len=12,padding=10,comp=1,payload=1]
[2025/05/21 13:34:27.639485, 3] ssh_packet_process:  Dispatching handler for packet type 21
[2025/05/21 13:34:27.640101, 2] ssh_packet_newkeys:  Received SSH_MSG_NEWKEYS
[2025/05/21 13:34:27.641171, 2] ssh_packet_newkeys:  Signature verified and valid
[2025/05/21 13:34:27.641688, 3] ssh_connect:  current state : 7
[2025/05/21 13:34:27.642211, 3] ssh_userauth_publickey_auto:  Trying to authenticate with /home/useruser/id_rsa
[2025/05/21 13:34:27.643466, 3] ssh_key_algorithm_allowed:  Checking rsa-sha2-512 with list <ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,ssh-ed25519,ssh-ed25519-cert-v01@xxxxxxxxxxx,rsa-sha2-256,rsa-sha2-256-cert-v01@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-512-cert-v01@xxxxxxxxxxx>
[2025/05/21 13:34:27.643865, 3] ssh_key_algorithm_allowed:  Checking rsa-sha2-256 with list <ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,ssh-ed25519,ssh-ed25519-cert-v01@xxxxxxxxxxx,rsa-sha2-256,rsa-sha2-256-cert-v01@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-512-cert-v01@xxxxxxxxxxx>
[2025/05/21 13:34:27.644243, 3] ssh_key_algorithm_allowed:  Checking ssh-rsa with list <ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,ssh-ed25519,ssh-ed25519-cert-v01@xxxxxxxxxxx,rsa-sha2-256,rsa-sha2-256-cert-v01@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-512-cert-v01@xxxxxxxxxxx>
[2025/05/21 13:34:27.644552, 1] ssh_userauth_try_publickey:  The key algorithm 'ssh-rsa' is not allowed to be used by PUBLICKEY_ACCEPTED_TYPES configuration option
[2025/05/21 13:34:27.644855, 3] ssh_userauth_publickey_auto:  Public key for /home/useruser/id_rsa refused by server
[2025/05/21 13:34:27.645245, 3] ssh_userauth_publickey_auto:  Trying to authenticate with /home/useruser/.ssh/id_ed25519
[2025/05/21 13:34:27.645697, 1] ssh_pki_import_pubkey_file:  Error opening /home/useruser/.ssh/id_ed25519.pub: No such file or directory
[2025/05/21 13:34:27.646195, 1] ssh_pki_import_privkey_file:  Error opening /home/useruser/.ssh/id_ed25519: No such file or directory
[2025/05/21 13:34:27.646548, 3] ssh_userauth_publickey_auto:  Private key /home/useruser/.ssh/id_ed25519 doesn't exist.
[2025/05/21 13:34:27.646885, 3] ssh_userauth_publickey_auto:  Trying to authenticate with /home/useruser/.ssh/id_ecdsa
[2025/05/21 13:34:27.647375, 1] ssh_pki_import_pubkey_file:  Error opening /home/useruser/.ssh/id_ecdsa.pub: No such file or directory
[2025/05/21 13:34:27.647845, 1] ssh_pki_import_privkey_file:  Error opening /home/useruser/.ssh/id_ecdsa: No such file or directory
[2025/05/21 13:34:27.648234, 3] ssh_userauth_publickey_auto:  Private key /home/useruser/.ssh/id_ecdsa doesn't exist.
[2025/05/21 13:34:27.648576, 3] ssh_userauth_publickey_auto:  Trying to authenticate with /home/useruser/.ssh/id_rsa
[2025/05/21 13:34:27.649043, 1] ssh_pki_import_pubkey_file:  Error opening /home/useruser/.ssh/id_rsa.pub: No such file or directory
[2025/05/21 13:34:27.649489, 1] ssh_pki_import_privkey_file:  Error opening /home/useruser/.ssh/id_rsa: No such file or directory
[2025/05/21 13:34:27.649795, 3] ssh_userauth_publickey_auto:  Private key /home/useruser/.ssh/id_rsa doesn't exist.
[2025/05/21 13:34:27.650163, 2] ssh_userauth_publickey_auto:  Tried every public key, none matched
Authentication failed: The key algorithm 'ssh-rsa' is not allowed to be used by PUBLICKEY_ACCEPTED_TYPES configuration option
[2025/05/21 13:34:27.650956, 3] ssh_socket_unbuffered_write:  Enabling POLLOUT for socket
[2025/05/21 13:34:27.651442, 3] packet_send2:  packet: wrote [type=1, len=32, padding_size=11, comp=20, payload=20]
execve("./testkey", ["./testkey"], 0x7ffc4cd90f50 /* 42 vars */) = 0
brk(NULL)                               = 0x2345000
arch_prctl(0x3001 /* ARCH_??? */, 0x7fff7fdcf290) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=54843, ...}) = 0
mmap(NULL, 54843, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7b98abf000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libssh.so.4", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\375\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1328072, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7b98abd000
mmap(NULL, 576888, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b98a30000
mmap(0x7f7b98a3e000, 393216, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0x7f7b98a3e000
mmap(0x7f7b98a9e000, 110592, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6e000) = 0x7f7b98a9e000
mmap(0x7f7b98ab9000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x88000) = 0x7f7b98ab9000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\227\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0 \0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0"..., 48, 848) = 48
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0z@\242,\232\202\205O=fvr2\2566J"..., 68, 896) = 68
fstat(3, {st_mode=S_IFREG|0755, st_size=2539832, ...}) = 0
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
mmap(NULL, 2125744, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b98800000
mmap(0x7f7b98828000, 1523712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x28000) = 0x7f7b98828000
mmap(0x7f7b9899c000, 360448, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19c000) = 0x7f7b9899c000
mmap(0x7f7b989f4000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1f4000) = 0x7f7b989f4000
mmap(0x7f7b989fa000, 53168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7b989fa000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libcrypto.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0`\v\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=5436640, ...}) = 0
mmap(NULL, 5344208, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b98200000
mmap(0x7f7b982b4000, 3334144, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb4000) = 0x7f7b982b4000
mmap(0x7f7b985e2000, 876544, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3e2000) = 0x7f7b985e2000
mmap(0x7f7b986b8000, 385024, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4b7000) = 0x7f7b986b8000
mmap(0x7f7b98716000, 11216, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7b98716000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\3605\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=102552, ...}) = 0
mmap(NULL, 102408, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b98a16000
mprotect(0x7f7b98a19000, 86016, PROT_NONE) = 0
mmap(0x7f7b98a19000, 57344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f7b98a19000
mmap(0x7f7b98a27000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x7f7b98a27000
mmap(0x7f7b98a2e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f7b98a2e000
mmap(0x7f7b98a2f000, 8, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7b98a2f000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libgssapi_krb5.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\355\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=358576, ...}) = 0
mmap(NULL, 350944, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b987aa000
mmap(0x7f7b987b6000, 241664, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f7b987b6000
mmap(0x7f7b987f1000, 49152, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x47000) = 0x7f7b987f1000
mmap(0x7f7b987fd000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x53000) = 0x7f7b987fd000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libkrb5.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000p\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=906400, ...}) = 0
mmap(NULL, 889616, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b98126000
mmap(0x7f7b98148000, 434176, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7f7b98148000
mmap(0x7f7b981b2000, 253952, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8c000) = 0x7f7b981b2000
mmap(0x7f7b981f0000, 61440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xca000) = 0x7f7b981f0000
mmap(0x7f7b981ff000, 784, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7b981ff000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libk5crypto.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p_\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=99120, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7b98a14000
mmap(NULL, 98352, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b98791000
mmap(0x7f7b98796000, 53248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f7b98796000
mmap(0x7f7b987a3000, 16384, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0x7f7b987a3000
mmap(0x7f7b987a7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7f7b987a7000
mmap(0x7f7b987a9000, 48, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7b987a9000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libcom_err.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220$\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=23872, ...}) = 0
mmap(NULL, 24640, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b98a0d000
mmap(0x7f7b98a0f000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f7b98a0f000
mmap(0x7f7b98a11000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f7b98a11000
mmap(0x7f7b98a12000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f7b98a12000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libkrb5support.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0PO\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=66320, ...}) = 0
mmap(NULL, 66192, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b98780000
mmap(0x7f7b98784000, 32768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f7b98784000
mmap(0x7f7b9878c000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f7b9878c000
mmap(0x7f7b9878f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0x7f7b9878f000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libkeyutils.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260$\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=23992, ...}) = 0
mmap(NULL, 24584, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b98779000
mmap(0x7f7b9877b000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f7b9877b000
mmap(0x7f7b9877d000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f7b9877d000
mmap(0x7f7b9877e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f7b9877e000
mmap(0x7f7b9877f000, 8, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7b9877f000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320F\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=70880, ...}) = 0
mmap(NULL, 80456, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b98765000
mmap(0x7f7b98769000, 36864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f7b98769000
mmap(0x7f7b98772000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7f7b98772000
mmap(0x7f7b98775000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf000) = 0x7f7b98775000
mmap(0x7f7b98777000, 6728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7b98777000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0pp\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=175752, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7b98a0b000
mmap(NULL, 181896, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b98738000
mmap(0x7f7b9873e000, 110592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f7b9873e000
mmap(0x7f7b98759000, 32768, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x21000) = 0x7f7b98759000
mmap(0x7f7b98761000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x28000) = 0x7f7b98761000
mmap(0x7f7b98763000, 5768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f7b98763000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220$\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=636848, ...}) = 0
mmap(NULL, 635440, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b9808a000
mmap(0x7f7b9808c000, 446464, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f7b9808c000
mmap(0x7f7b980f9000, 176128, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6f000) = 0x7f7b980f9000
mmap(0x7f7b98124000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x99000) = 0x7f7b98124000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7b98a09000
arch_prctl(ARCH_SET_FS, 0x7f7b98a0a040) = 0
set_tid_address(0x7f7b98a0a310)         = 648229
set_robust_list(0x7f7b98a0a320, 24)     = 0
rseq(0x7f7b98a0a9e0, 0x20, 0, 0x53053053) = 0
mprotect(0x7f7b989f4000, 16384, PROT_READ) = 0
mprotect(0x7f7b98124000, 4096, PROT_READ) = 0
mprotect(0x7f7b98761000, 4096, PROT_READ) = 0
mprotect(0x7f7b98775000, 4096, PROT_READ) = 0
mprotect(0x7f7b9877e000, 4096, PROT_READ) = 0
mprotect(0x7f7b98a2e000, 4096, PROT_READ) = 0
mprotect(0x7f7b986b8000, 372736, PROT_READ) = 0
mprotect(0x7f7b9878f000, 4096, PROT_READ) = 0
mprotect(0x7f7b98a12000, 4096, PROT_READ) = 0
mprotect(0x7f7b987a7000, 8192, PROT_READ) = 0
mprotect(0x7f7b981f0000, 57344, PROT_READ) = 0
mprotect(0x7f7b987fd000, 8192, PROT_READ) = 0
mprotect(0x7f7b98ab9000, 4096, PROT_READ) = 0
mprotect(0x403000, 4096, PROT_READ)     = 0
mprotect(0x7f7b98b01000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7f7b98abf000, 54843)           = 0
statfs("/sys/fs/selinux", {f_type=SELINUX_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NOEXEC|ST_RELATIME}) = 0
statfs("/sys/fs/selinux", {f_type=SELINUX_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NOEXEC|ST_RELATIME}) = 0
getrandom("\x2a\x25\xe2\xe6\x96\x80\xb3\x53", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x2345000
brk(0x2366000)                          = 0x2366000
access("/etc/selinux/config", F_OK)     = 0
futex(0x7f7b987162a4, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b987162a0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b9871629c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/proc/sys/crypto/fips_enabled", O_RDONLY) = 3
read(3, "0\n", 2)                       = 2
close(3)                                = 0
futex(0x7f7b98715c08, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b98715f20, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b98716180, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b98715f30, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b98716298, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/etc/pki/tls/openssl.cnf", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=12433, ...}) = 0
read(3, "#\n# OpenSSL example configuratio"..., 4096) = 4096
newfstatat(AT_FDCWD, "/etc/pki/tls/openssl.d", {st_mode=S_IFDIR|0755, st_size=6, ...}, 0) = 0
openat(AT_FDCWD, "/etc/pki/tls/openssl.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0755, st_size=6, ...}) = 0
getdents64(4, 0x23590f0 /* 2 entries */, 32768) = 48
getdents64(4, 0x23590f0 /* 0 entries */, 32768) = 0
close(4)                                = 0
newfstatat(AT_FDCWD, "/etc/crypto-policies/back-ends/opensslcnf.config", {st_mode=S_IFREG|0644, st_size=737, ...}, 0) = 0
openat(AT_FDCWD, "/etc/crypto-policies/back-ends/opensslcnf.config", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=737, ...}) = 0
read(4, "CipherString = @SECLEVEL=2:kEECD"..., 4096) = 737
read(4, "", 4096)                       = 0
close(4)                                = 0
read(3, "d look\n# For type CA, the listed"..., 4096) = 4096
read(3, "mmendation\n# subjectAltName=emai"..., 4096) = 4096
read(3, "e update\ncmd = kur\noldcert = $in"..., 4096) = 145
read(3, "", 4096)                       = 0
close(3)                                = 0
futex(0x7f7b98715dc8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b98715ef0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b98716280, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b9871627c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b98715de0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b9871628c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getuid()                                = 1000
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=2124, ...}, 0) = 0
newfstatat(AT_FDCWD, "/", {st_mode=S_IFDIR|0555, st_size=235, ...}, 0) = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2124, ...}) = 0
read(3, "#\n# /etc/nsswitch.conf\n#\n# Name "..., 4096) = 2124
read(3, "", 4096)                       = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=2124, ...}) = 0
close(3)                                = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=54843, ...}) = 0
mmap(NULL, 54843, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7b98abf000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libnss_sss.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260%\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=53480, ...}) = 0
mmap(NULL, 53856, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7b9872a000
mmap(0x7f7b9872c000, 32768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f7b9872c000
mmap(0x7f7b98734000, 8192, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f7b98734000
mmap(0x7f7b98736000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0x7f7b98736000
close(3)                                = 0
mprotect(0x7f7b98736000, 4096, PROT_READ) = 0
munmap(0x7f7b98abf000, 54843)           = 0
openat(AT_FDCWD, "/var/lib/sss/mc/passwd", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
futex(0x7f7b98737214, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/var/lib/sss/mc/passwd", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
futex(0x7f7b98737250, FUTEX_WAKE_PRIVATE, 2147483647) = 0
newfstatat(AT_FDCWD, "/proc/self/", {st_mode=S_IFDIR|0555, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
getpid()                                = 648229
fstat(-1, 0x7fff7fdce8f0)               = -1 EBADF (Bad file descriptor)
socket(AF_UNIX, SOCK_STREAM, 0)         = 3
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
fcntl(3, F_GETFD)                       = 0
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
connect(3, {sa_family=AF_UNIX, sun_path="/var/lib/sss/pipes/nss"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1781, ...}) = 0
lseek(3, 0, SEEK_SET)                   = 0
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1781
close(3)                                = 0
openat(AT_FDCWD, "/home/useruser/.ssh/config", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ssh/ssh_config", O_RDONLY) = 3
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1909, ...}) = 0
fstat(4, {st_mode=S_IFREG|0644, st_size=1909, ...}) = 0
read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0\0\0\0"..., 4096) = 1909
lseek(4, -1217, SEEK_CUR)               = 692
read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0\0\0\0"..., 4096) = 1217
close(4)                                = 0
write(2, "[2025/05/21 13:34:27.590787, 3] "..., 54) = 54
write(2, "  Reading configuration data fro"..., 54) = 54
fstat(3, {st_mode=S_IFREG|0644, st_size=1921, ...}) = 0
read(3, "#\t$OpenBSD: ssh_config,v 1.35 20"..., 4096) = 1921
openat(AT_FDCWD, "/etc/ssh/ssh_config.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0755, st_size=28, ...}) = 0
brk(0x2388000)                          = 0x2388000
getdents64(4, 0x235f440 /* 3 entries */, 32768) = 88
getdents64(4, 0x235f440 /* 0 entries */, 32768) = 0
brk(0x2380000)                          = 0x2380000
close(4)                                = 0
openat(AT_FDCWD, "/etc/ssh/ssh_config.d/50-redhat.conf", O_RDONLY) = 4
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.593152, 3] "..., 49) = 49
write(2, "  Reading additional configurati"..., 82) = 82
fstat(4, {st_mode=S_IFREG|0644, st_size=581, ...}) = 0
read(4, "# The options here are in the \"M"..., 4096) = 581
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.593752, 2] "..., 54) = 54
write(2, "  line 3: Unsupported Match keyw"..., 54) = 54
newfstatat(AT_FDCWD, "/etc/crypto-policies/back-ends/openssh.config", {st_mode=S_IFLNK|0777, st_size=46, ...}, AT_SYMLINK_NOFOLLOW) = 0
openat(AT_FDCWD, "/etc/crypto-policies/back-ends/openssh.config", O_RDONLY) = 5
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.594435, 3] "..., 49) = 49
write(2, "  Reading additional configurati"..., 91) = 91
fstat(5, {st_mode=S_IFREG|0644, st_size=1322, ...}) = 0
read(5, "Ciphers aes256-gcm@xxxxxxxxxxx,c"..., 4096) = 1322
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.595007, 2] "..., 54) = 54
write(2, "  Unknown option: GSSAPIKexAlgor"..., 47) = 47
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.595462, 2] "..., 54) = 54
write(2, "  Unknown option: CASignatureAlg"..., 49) = 49
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.595836, 2] "..., 54) = 54
write(2, "  Unknown option: RequiredRSASiz"..., 43) = 43
read(5, "", 4096)                       = 0
close(5)                                = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.596448, 2] "..., 54) = 54
write(2, "  Unapplicable option: ForwardX1"..., 51) = 51
read(4, "", 4096)                       = 0
close(4)                                = 0
read(3, "", 4096)                       = 0
close(3)                                = 0
brk(0x237f000)                          = 0x237f000
getuid()                                = 1000
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=2124, ...}, 0) = 0
openat(AT_FDCWD, "/var/lib/sss/mc/passwd", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/var/lib/sss/mc/passwd", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/proc/self/", {st_mode=S_IFDIR|0555, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
getpid()                                = 648229
socket(AF_UNIX, SOCK_STREAM, 0)         = 3
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
fcntl(3, F_GETFD)                       = 0
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
connect(3, {sa_family=AF_UNIX, sun_path="/var/lib/sss/pipes/nss"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1781, ...}) = 0
lseek(3, 0, SEEK_SET)                   = 0
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1781
close(3)                                = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.599300, 2] "..., 44) = 44
write(2, "  libssh 0.10.4 (c) 2003-2022 Ar"..., 216) = 216
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.599665, 3] "..., 38) = 38
write(2, "  host 10.10.10.108 matches an I"..., 42) = 42
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK)  = 0
connect(3, {sa_family=AF_INET, sin_port=htons(2222), sin_addr=inet_addr("10.10.10.108")}, 16) = -1 EINPROGRESS (Operation now in progress)
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.600535, 2] "..., 51) = 51
write(2, "  Nonblocking connection socket:"..., 35) = 35
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.600870, 2] "..., 44) = 44
write(2, "  Socket connecting, now waiting"..., 59) = 59
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.601443, 3] "..., 44) = 44
write(2, "  Actual timeout : 10000\n", 25) = 25
poll([{fd=3, events=POLLIN|POLLOUT}], 1, 10000) = 1 ([{fd=3, revents=POLLOUT}])
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.601920, 3] "..., 56) = 56
write(2, "  Received POLLOUT in connecting"..., 39) = 39
fcntl(3, F_SETFL, O_RDONLY)             = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.602437, 1] "..., 58) = 58
write(2, "  Socket connection callback: 1 "..., 36) = 36
sendto(3, "SSH-2.0-libssh_0.10.4\r\n", 23, MSG_NOSIGNAL, NULL, 0) = 23
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.603181, 3] "..., 60) = 60
write(2, "  Enabling POLLOUT for socket\n", 30) = 30
poll([{fd=3, events=POLLIN|POLLOUT}], 1, 9999) = 1 ([{fd=3, revents=POLLIN|POLLOUT}])
recvfrom(3, "SSH-2.0-libssh_0.9.7\r\n\0\0\3t\t\24\324\343\374\275"..., 4096, 0, NULL, NULL) = 910
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.603965, 3] "..., 56) = 56
write(2, "  Received banner: SSH-2.0-libss"..., 40) = 40
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.604345, 2] "..., 63) = 63
write(2, "  SSH server banner: SSH-2.0-lib"..., 42) = 42
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.604644, 2] "..., 51) = 51
write(2, "  Analyzing banner: SSH-2.0-libs"..., 41) = 41
futex(0x7f7b98716670, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b987165e8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b98716294, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f7b98716290, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getpid()                                = 648229
brk(0x23a0000)                          = 0x23a0000
brk(0x239f000)                          = 0x239f000
getpid()                                = 648229
getrandom("\xb9\x5c\x36\x05\x7b\x66\x8f\x0d\xd4\x42\x90\xdf\x6c\x70\x53\xce\x1d\x9f\x9d\x52\x38\x7d\xdc\xd1\xa9\xf1\xa7\xc1\xb5\x93\x94\x0b"..., 40, 0) = 40
getpid()                                = 648229
getrandom("\x13\xff\x9a\x16\x96\xc1\xbb\xf4\x4c\xab\x08\x21\x87\xf9\xea\xef\x9e\x60\xc9\x84\xd7\xf4\x6b\x06\x26\xf0\xbb\x6d\x6c\xf1\x01\x4a"..., 48, 0) = 48
getpid()                                = 648229
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.607601, 3] "..., 59) = 59
write(2, "  Order of wanted host keys: \"ss"..., 129) = 129
openat(AT_FDCWD, "/home/useruser/.ssh/known_hosts", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0600, st_size=831, ...}) = 0
read(4, "10.10.10.82 ssh-ed25519 AAAAC3Nz"..., 4096) = 831
read(4, "", 4096)                       = 0
close(4)                                = 0
openat(AT_FDCWD, "/etc/ssh/ssh_known_hosts", O_RDONLY) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.608765, 1] "..., 61) = 61
write(2, "  Failed to open the known_hosts"..., 92) = 92
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.609206, 3] "..., 59) = 59
write(2, "  No key found in known_hosts; c"..., 159) = 159
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.609572, 3] "..., 45) = 45
write(2, "  packet: wrote [type=20, len=90"..., 74) = 74
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.609926, 3] "..., 45) = 45
write(2, "  SSH_MSG_KEXINIT sent\n", 23) = 23
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.610313, 3] "..., 59) = 59
write(2, "  packet: read type 20 [len=884,"..., 64) = 64
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.610620, 3] "..., 51) = 51
write(2, "  Dispatching handler for packet"..., 41) = 41
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.610968, 2] "..., 55) = 55
write(2, "  Negotiated curve25519-sha256,r"..., 120) = 120
getpid()                                = 648229
getrandom("\x07\x9d\xed\xdf\x90\x04\xcd\x0e\xeb\x9d\xa7\xfa\xc3\x48\x37\x74\x7f\xce\x1c\xfa\xfd\x51\x46\x96\x09\x7f\xab\x76\x4c\x46\x78\x54"..., 48, 0) = 48
getpid()                                = 648229
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.611859, 3] "..., 45) = 45
write(2, "  packet: wrote [type=30, len=44"..., 71) = 71
sendto(3, "\0\0\3\204\7\24x\343\214\251\306\227@Y\231'\243\254Vi5\377\0\0\0\361curve2"..., 952, MSG_NOSIGNAL, NULL, 0) = 952
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.612518, 3] "..., 60) = 60
write(2, "  Enabling POLLOUT for socket\n", 30) = 30
poll([{fd=3, events=POLLIN|POLLOUT}], 1, 9989) = 1 ([{fd=3, revents=POLLOUT}])
poll([{fd=3, events=POLLIN}], 1, 9989)  = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\0\0\2d\v\37\0\0\1\27\0\0\0\7ssh-rsa\0\0\0\3\1\0\1\0\0\1\1"..., 4096, 0, NULL, NULL) = 616
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.631691, 3] "..., 59) = 59
write(2, "  packet: read type 31 [len=612,"..., 65) = 65
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.632382, 3] "..., 51) = 51
write(2, "  Dispatching handler for packet"..., 41) = 41
sendto(3, "\0\0\0\f\n\25\0\0\0\0\0\0\0\0\0\0", 16, MSG_NOSIGNAL, NULL, 0) = 16
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.633561, 3] "..., 60) = 60
write(2, "  Enabling POLLOUT for socket\n", 30) = 30
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.634140, 3] "..., 45) = 45
write(2, "  packet: wrote [type=21, len=12"..., 70) = 70
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.634969, 3] "..., 54) = 54
write(2, "  Set output algorithm to aes256"..., 49) = 49
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.635493, 3] "..., 54) = 54
write(2, "  Set HMAC output algorithm to a"..., 40) = 40
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.635990, 3] "..., 54) = 54
write(2, "  Set input algorithm to aes256-"..., 48) = 48
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.636496, 3] "..., 54) = 54
write(2, "  Set HMAC input algorithm to ae"..., 39) = 39
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.637092, 2] "..., 53) = 53
write(2, "  Set rekey after 4294967296 blo"..., 36) = 36
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.637618, 2] "..., 53) = 53
write(2, "  Set rekey after 4294967296 blo"..., 36) = 36
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.638153, 2] "..., 67) = 67
write(2, "  SSH_MSG_NEWKEYS sent\n", 23) = 23
poll([{fd=3, events=POLLIN|POLLOUT}], 1, 9964) = 1 ([{fd=3, revents=POLLIN|POLLOUT}])
recvfrom(3, "\0\0\0\f\n\25\0\0\0\0\0\0\0\0\0\0", 4096, 0, NULL, NULL) = 16
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.638975, 3] "..., 59) = 59
write(2, "  packet: read type 21 [len=12,p"..., 60) = 60
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.639485, 3] "..., 51) = 51
write(2, "  Dispatching handler for packet"..., 41) = 41
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.640101, 2] "..., 51) = 51
write(2, "  Received SSH_MSG_NEWKEYS\n", 27) = 27
brk(0x23c0000)                          = 0x23c0000
brk(0x23bf000)                          = 0x23bf000
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.641171, 2] "..., 51) = 51
write(2, "  Signature verified and valid\n", 31) = 31
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.641688, 3] "..., 44) = 44
write(2, "  current state : 7\n", 20)   = 20
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.642211, 3] "..., 60) = 60
write(2, "  Trying to authenticate with /h"..., 52) = 52
openat(AT_FDCWD, "/home/useruser/id_rsa.pub", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=401, ...}) = 0
fstat(4, {st_mode=S_IFREG|0644, st_size=401, ...}) = 0
read(4, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB"..., 4096) = 401
close(4)                                = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.643466, 3] "..., 58) = 58
write(2, "  Checking rsa-sha2-512 with lis"..., 358) = 358
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.643865, 3] "..., 58) = 58
write(2, "  Checking rsa-sha2-256 with lis"..., 358) = 358
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.644243, 3] "..., 58) = 58
write(2, "  Checking ssh-rsa with list <ec"..., 353) = 353
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.644552, 1] "..., 59) = 59
write(2, "  The key algorithm 'ssh-rsa' is"..., 105) = 105
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.644855, 3] "..., 60) = 60
write(2, "  Public key for /home/useruser/"..., 57) = 57
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.645245, 3] "..., 60) = 60
write(2, "  Trying to authenticate with /h"..., 61) = 61
openat(AT_FDCWD, "/home/useruser/.ssh/id_ed25519.pub", O_RDONLY) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.645697, 1] "..., 59) = 59
write(2, "  Error opening /home/useruser/."..., 78) = 78
openat(AT_FDCWD, "/home/useruser/.ssh/id_ed25519", O_RDONLY) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.646195, 1] "..., 60) = 60
write(2, "  Error opening /home/useruser/."..., 74) = 74
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.646548, 3] "..., 60) = 60
write(2, "  Private key /home/useruser/.ss"..., 60) = 60
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.646885, 3] "..., 60) = 60
write(2, "  Trying to authenticate with /h"..., 59) = 59
openat(AT_FDCWD, "/home/useruser/.ssh/id_ecdsa.pub", O_RDONLY) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.647375, 1] "..., 59) = 59
write(2, "  Error opening /home/useruser/."..., 76) = 76
openat(AT_FDCWD, "/home/useruser/.ssh/id_ecdsa", O_RDONLY) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.647845, 1] "..., 60) = 60
write(2, "  Error opening /home/useruser/."..., 72) = 72
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.648234, 3] "..., 60) = 60
write(2, "  Private key /home/useruser/.ss"..., 58) = 58
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.648576, 3] "..., 60) = 60
write(2, "  Trying to authenticate with /h"..., 57) = 57
openat(AT_FDCWD, "/home/useruser/.ssh/id_rsa.pub", O_RDONLY) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.649043, 1] "..., 59) = 59
write(2, "  Error opening /home/useruser/."..., 74) = 74
openat(AT_FDCWD, "/home/useruser/.ssh/id_rsa", O_RDONLY) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.649489, 1] "..., 60) = 60
write(2, "  Error opening /home/useruser/."..., 70) = 70
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.649795, 3] "..., 60) = 60
write(2, "  Private key /home/useruser/.ss"..., 56) = 56
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.650163, 2] "..., 60) = 60
write(2, "  Tried every public key, none m"..., 39) = 39
write(2, "Authentication failed: The key a"..., 126) = 126
getpid()                                = 648229
sendto(3, "\0\0\0 d\331x\37\250\6\203\35E\334\256'\300/\303\366\354\202\260\241\200t\256X\210\v\215N"..., 52, MSG_NOSIGNAL, NULL, 0) = 52
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.650956, 3] "..., 60) = 60
write(2, "  Enabling POLLOUT for socket\n", 30) = 30
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=1909, ...}, 0) = 0
write(2, "[2025/05/21 13:34:27.651442, 3] "..., 45) = 45
write(2, "  packet: wrote [type=1, len=32,"..., 71) = 71
close(3)                                = 0
exit_group(1)                           = ?
+++ exited with 1 +++

Follow-Ups:
Re: The key algorithm 'ssh-rsa' is not allowed in V 0.10.4Jakub Jelen <jjelen@xxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org