Anonymous 15:12

How can I use a legacy ssh-rsa key on CentOS 9 Stream?

I am setting up a new CentOS 9 Stream container as a part of a CI system. It needs to make an SSH connection to download some code from a legacy Git host using an ssh-rsa key (which is considered an acceptable risk on this network with this host).

I start by generating a key.

ssh-keygen -t ssh-rsa -f test_rsa_key

Running with the key I get a "no mutual signature algorithm" error.

ssh -v -i test_rsa_key user@server
debug1: Next authentication method: publickey
debug1: Offering public key: test_rsa_key RSA SHA256:<snip> explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: No more authentication methods to try.
user@server: Permission denied (publickey).

I can explicitly enable ssh-rsa with -oPubkeyAcceptedKeyTypes=+ssh-rsa, but now I get a libcrypto error.

ssh -oPubkeyAcceptedKeyTypes=+ssh-rsa -v -i test_rsa_key user@server
debug1: Next authentication method: publickey
debug1: Offering public key: test_rsa_key RSA SHA256:<snip> explicit
debug1: Server accepts key: test_rsa_key RSA SHA256:<snip> explicit
debug1: identity_sign: sshkey_sign: error in libcrypto
sign_and_send_pubkey: signing failed for RSA "test_rsa_key": error in libcrypto
debug1: No more authentication methods to try.
user@server: Permission denied (publickey).

Is it possible that support for the legacy ssh-rsa signature method is disabled in CentOS 9 Stream at the libcrypto level? How can I make a connection with this key on the latest CentOS?



Top Answer/Comment:

Found an answer, courtesy of a similar issue somebody else had on the Red Hat Bugzilla.

The issue is caused by the deprecation of SHA1. You can work around this by setting a crypto policy of DEFAULT:SHA1 (to only re-enable SHA-1) or LEGACY (for compatibility with even older things) following the instructions here.

The command is:

update-crypto-policies --set DEFAULT:SHA1

or

update-crypto-policies --set LEGACY

Before running, review the linked page because LEGACY does enable some quite old crypto settings, which might be too insecure for your use-case.
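The two failures shown in the question look similar in a CI log but need different fixes: "no mutual signature algorithm" means the client never offered ssh-rsa, while "error in libcrypto" means the key was offered and accepted but the system crypto policy refused to produce a SHA-1 signature. The following shell functions, an added example that is not part of the question or the answer, classify captured ssh -v output into those cases and print the corresponding remedy from the answer. The function names, the classification labels and the sample log lines are all constructed for this example; nothing here changes the crypto policy itself.

```shell
# Added example (not from the original question or answer): classify the
# ssh -v output seen in a CI log so the job can report which fix applies.
# Sample log lines below are constructed to mirror the two failures above.

classify_ssh_failure() {
    # Reads ssh -v output on stdin and prints exactly one label:
    #   pubkey-alg-not-offered -> client did not offer ssh-rsa at all
    #   sha1-blocked-by-policy -> libcrypto refused the SHA-1 signature
    #   auth-failed-other      -> permission denied for some other reason
    #   ok                     -> no authentication failure seen
    local log
    log=$(cat)
    if printf '%s\n' "$log" | grep -q 'no mutual signature algorithm'; then
        echo pubkey-alg-not-offered
    elif printf '%s\n' "$log" | grep -q 'error in libcrypto'; then
        echo sha1-blocked-by-policy
    elif printf '%s\n' "$log" | grep -q 'Permission denied'; then
        echo auth-failed-other
    else
        echo ok
    fi
}

suggest_fix() {
    # Maps a label from classify_ssh_failure to the remedy given in the answer.
    case "$1" in
        pubkey-alg-not-offered)
            echo 'add -oPubkeyAcceptedKeyTypes=+ssh-rsa to the ssh command' ;;
        sha1-blocked-by-policy)
            echo 'run: update-crypto-policies --set DEFAULT:SHA1 (review LEGACY first)' ;;
        auth-failed-other)
            echo 'check that the public key is installed on the server' ;;
        ok)
            echo 'no action needed' ;;
        *)
            echo "unknown label: $1" ;;
    esac
}

# Constructed sample logs mirroring the two debug transcripts in the question.
LOG_NO_MUTUAL='debug1: Offering public key: test_rsa_key RSA SHA256:xxx explicit
debug1: send_pubkey_test: no mutual signature algorithm
user@server: Permission denied (publickey).'

LOG_LIBCRYPTO='debug1: Server accepts key: test_rsa_key RSA SHA256:xxx explicit
debug1: identity_sign: sshkey_sign: error in libcrypto
sign_and_send_pubkey: signing failed for RSA "test_rsa_key": error in libcrypto
user@server: Permission denied (publickey).'

# Usage in a CI step (ssh writes its debug output to stderr):
#   ssh -v -i test_rsa_key user@server true 2>&1 | classify_ssh_failure
```

Running the libcrypto transcript through `classify_ssh_failure` yields `sha1-blocked-by-policy`, and `suggest_fix` on that label prints the `DEFAULT:SHA1` policy command; the "no mutual signature algorithm" transcript yields `pubkey-alg-not-offered`, pointing at the client option rather than the policy.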
