macOS 13 (Ventura) ships with OpenSSH_9.0p1. According to the OpenSSH release notes:
This release disables RSA signatures using the SHA-1 hash algorithm by default. This change has been made as the SHA-1 hash algorithm is cryptographically broken, and it is possible to create chosen-prefix hash collisions for USD$50K …
因為 SHA-1 hash algorithm 安全性問題,macOS 不再支援該加密方式,所以舊有的 ssh 如果是用 keypass 方式連線都會出現 Permission denied (publickey) 錯誤而無法連線
修復方法 temp fix method
open folder /etc/ssh
if you can not see the hidden folders, press command + shift + .
add following lines to the end of file ssh_config (after Host * …, remember to add tabs):
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
then save the file and reboot your mac.
系統版本 macOS version
my current macOS version is: 13.4.1 (c) (22F770820d).