Okta ASA - SUSE 15 Support
Overview
When an Okta Advanced Server Access (ASA) project uses the ssh-rsa signature algorithm with SUSE 15, an authentication error occurs because SUSE 15 deprecates that algorithm. Resolve this issue by modifying the SSH daemon configuration file or by updating the project to use the ssh-ed25519 algorithm. If the configuration remains unchanged, the following error occurs:
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Applies To
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Okta ASA
- SUSE 15
Cause
SUSE 15 deprecates the ssh-rsa signature algorithm and no longer supports it by default, which prevents successful authentication when an Okta ASA project uses it.
Solution
Update the SSH daemon configuration file to allow the legacy ssh-rsa algorithm, then restart the service.
- Enter the following line into the /etc/ssh/sshd_config file:
  CASignatureAlgorithms +ssh-rsa
- Restart the SSH service.
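The sshd_config change above can be applied idempotently with a small script. This is an added example, not Okta's code; the function names, return codes and `.bak` backup suffix are assumptions, and the validation and restart commands appear only in the usage comment.

```shell
#!/bin/sh
# Added example (not Okta's code): enable ssh-rsa CA signatures in an sshd_config.
# Intended use, as root:
#   ensure_ca_sig_rsa /etc/ssh/sshd_config && sshd -t && systemctl restart sshd

# Print the value of the first active CASignatureAlgorithms line, if any.
current_ca_sig() {
    grep -iE '^[[:space:]]*CASignatureAlgorithms[[:space:]=]' "$1" | head -n 1 |
        sed -E 's/^[[:space:]]*[^[:space:]=]+[[:space:]=]+//; s/[[:space:]]+$//'
}

# Returns 0 = line added, 1 = ssh-rsa already allowed, 2 = existing directive
# excludes ssh-rsa and has to be edited by hand, 3 = file could not be written.
ensure_ca_sig_rsa() {
    conf=$1
    value=$(current_ca_sig "$conf")
    if [ -n "$value" ]; then
        # sshd keeps the first value it reads for a keyword, so adding a
        # second CASignatureAlgorithms line would have no effect.
        case ",${value#[+^]}," in
            ,-*) ;;                    # a "-list" removes algorithms
            *,ssh-rsa,*) return 1 ;;
        esac
        echo "edit existing directive manually: $value" >&2
        return 2
    fi
    cp -p "$conf" "$conf.bak" || return 3
    tmp=$(mktemp) || return 3
    # Keep the directive global: insert it before the first Match block,
    # because anything after "Match" is read as part of that block.
    awk -v line='CASignatureAlgorithms +ssh-rsa' '
        !done && tolower($1) == "match" { print line; done = 1 }
        { print }
        END { if (!done) print line }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 3
    return 0
}
```

Running `sshd -t` before the restart catches a syntax error while the existing daemon is still serving connections.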
How is the project updated to use the SSH-ed25519 algorithm?
If no legacy servers are enrolled in the project, update the signature algorithm in the Okta ASA dashboard to use a supported modern algorithm.
- Sign in to the Okta ASA dashboard.
- Go to Projects > > Actions > Edit > SSH Certificate Signature Algorithm.
- Choose ssh-ed25519 from the dropdown menu and select Submit.
