With Leap 15.6 the ssh signature type ssh-rsa isn’t supported any longer for ssh connections. Therefore every connection using a ssh-rsa signature asks for a password instead of trying a public key authentication.
Nevertheless the command ssh-keygen still produces a ssh-rsa signature if not forced otherwise. So you can set the signature type option like: ssh-keygen -t ecdsa
Test your supported signature types of the client and of the server with: ssh -nvv -o NumberOfPasswordPrompts=0 @ 2>&1 | grep ‘debug2: host key’
Both have to match the used signature type.
The actual change is that there is now a minimum length required for RSA keys. I have just successfully logged in (from one 15.6 system to another) using a 3072 bit RSA key.
I have switched to mostly use ed25519 keys in my normal work, but I do have an RSA key for testing purposes.
If you have already a rsa-key that is long enough that works. If you create a key with ssh-keygen without any option the created rsa-key is to short and will not work.
I’m pretty sure that if you create an RSA key without any options, you will get a 3072 bit key. That’s how my key happens to be 3072 bits.
However, if you created an RSA key several years ago, it might well be too short. Prior to installing 15.6, I was using a 1024 bit RSA key and a 2048 bit RSA key. The 1024 bit key is from many years ago. The 2048 bit key did still work with 15.6, but I have since changed my practices, and generated new keys.
% ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/nwr/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/nwr/.ssh/id_rsa
Your public key has been saved in /home/nwr/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:VDNBaK3hEYoAULxv5/mwz9kO/uYVCPII5IsK89vJGF8 nwr@nwrdell
The key's randomart image is:
+---[RSA 3072]----+
|++o . .=*. |
| .+ . .=..o |
| .+ ooo+ |
| .. o =o. . |
|o ... . S . . |
|.+ o . . |
|. o. oE.. . |
| B oo= +.. |
| o = .o*== |
+----[SHA256]-----+
As you can see, it generated a 3072 bit RSA key which should be supported by a Leap 15.6 server.
I first renamed “.ssh” to “.ssh.old” and created a new “.ssh” directory. I then created an RSA key:
% ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/nwr/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/nwr/.ssh/id_rsa
Your public key has been saved in /home/nwr/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:xBK9+AbHdVyiEBXoIbW2s+8ubLOsgn/tkUrbtRH06f8 nwr@nwr2
The key's randomart image is:
+---[RSA 3072]----+
| .o++oo... |
| .o+o..o. |
| .==+o. |
| o+=o . . |
| +S . o |
| o+ o |
| . .++ o . |
| . ...=*+ o . |
| ..o++=*= ..E|
+----[SHA256]-----+
nwr2:nwr 9% ls .ssh
id_rsa id_rsa.pub
nwr2:nwr 10% cat .ssh/*.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCT3Jpd6Aa6aUbtQA6PC3grcLJlsrVywZz4zGpeDdO51nIQ2i7+A2i+GL/0F5o+kPt5Ycby6VVgVJnT9Qu5MXPOV3hdjZk3pafXlFdSGChHwdOm8P/tSHbxA9zKjr0WtE63mOxK6YW6zI5lHilmeQ46YlbaWsyl4A/t6dDi2UoXNJEClYSoe7pT5oZASZ/jMoHdftC6kOcn4b2PlTxyUYKBksAFcXptlARDN3QOBUemL4i2CkVSgr4bJHvahhWDMXaatmQTmTlB0UBREbzgGFKFjqfj3oLiCRYHEDY3jgG6vdB70QudqvTtU3sj9cL3eqg+HDM4YLJmhUJk8mvNF9nYj8+HxaLufEOcAwfy8xIPKK8T8rSyaevKZPa3LwRWSA8mYt/5XQK/ZMP4VK/jRFqe9KD49RBlXxMMivMAcojhuryA2B4CpJ0E3fVcwSmvpKw9rK2RuEfBGgxExU9OG3u9r1cxria1UZGV+evWIkcBzhYjYQQ6+Z9ev4DlEn78KPU= nwr@nwr2
I next added that public key to “ssh/authorized_keys” on the server. (I did that out-of-line so no output to show).
I then tried to login to the server:
nwr2:nwr 11% ssh nwrdell
Enter passphrase for key '/home/nwr/.ssh/id_rsa':
Last login: Sun May 19 06:52:53 2024 from 192.168.1.66
nwrdell:nwr 1%
And that worked, without a problem.
Your debug output is showing information about host keys rather than client keys. Maybe you are trying to use host keys to authenticate but your host key is too short or otherwise not suitable.