ssh2: publickey auth fails in ssh2, but works from command line

I am try to connect to a DigitalOcean droplet with ssh2.

$ ssh -V
OpenSSH_7.9p1, LibreSSL 2.7.3
$ node --version
v15.0.1
$ yarn info ssh2
0.8.9

Here’s my code:

let conn = new ssh2.Client()
return new Promise((resolve, reject) => {
    conn.on('ready', () => {
        conn.exec(cmd, (err, stream) => {
            if (err) {
                reject(err)
            }
            stream.on('close', (code, signal) => {
                if (code !== 0) {
                    reject(code)
                }
                conn.end()
                resolve(code)
            }).stderr.on('data', (data) => {
                reject(data)
            })
        })
    }).connect({
        host: xxx.xxx.xxx.xxx,
        port: 22,
        username: 'root',
        privateKey: fs.readFileSync('/Users/<me>/.ssh/id_rsa'),
        debug: (s) => {console.log(s)}
    })
})

ssh2 fails with the following log:

DEBUG: Local ident: 'SSH-2.0-ssh2js0.4.10'
DEBUG: Client: Trying localhost on port 22 ...
DEBUG: Client: Connected
DEBUG: Parser: IN_INIT
DEBUG: Parser: IN_GREETING
DEBUG: Parser: IN_HEADER
DEBUG: Remote ident: 'SSH-2.0-OpenSSH_7.9'
DEBUG: Outgoing: Writing KEXINIT
DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: pktLen:1076,padLen:6,remainLen:1072
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXINIT
DEBUG: Comparing KEXINITs ...
DEBUG: (local) KEX algorithms: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha
256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1
DEBUG: (remote) KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sh
a512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
DEBUG: KEX algorithm: curve25519-sha256@libssh.org
DEBUG: (local) Host key formats: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa
DEBUG: (remote) Host key formats: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
DEBUG: Host key format: ssh-ed25519
DEBUG: (local) Client->Server ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com
DEBUG: (remote) Client->Server ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
DEBUG: Client->Server Cipher: aes128-ctr
DEBUG: (local) Server->Client ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com
DEBUG: (remote) Server->Client ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
DEBUG: Server->Client Cipher: aes128-ctr
DEBUG: (local) Client->Server HMAC algorithms: hmac-sha2-256,hmac-sha2-512,hmac-sha1
DEBUG: (remote) Client->Server HMAC algorithms: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh
.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
DEBUG: Client->Server HMAC algorithm: hmac-sha2-256
DEBUG: (local) Server->Client HMAC algorithms: hmac-sha2-256,hmac-sha2-512,hmac-sha1
DEBUG: (remote) Server->Client HMAC algorithms: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh
.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
DEBUG: Server->Client HMAC algorithm: hmac-sha2-256
DEBUG: (local) Client->Server compression algorithms: none,zlib@openssh.com,zlib
DEBUG: (remote) Client->Server compression algorithms: none,zlib@openssh.com
DEBUG: Client->Server compression algorithm: none
DEBUG: (local) Server->Client compression algorithms: none,zlib@openssh.com,zlib
DEBUG: (remote) Server->Client compression algorithms: none,zlib@openssh.com
DEBUG: Server->Client compression algorithm: none
DEBUG: Outgoing: Writing KEXECDH_INIT
DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: pktLen:188,padLen:8,remainLen:184
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXECDH_REPLY
DEBUG: Checking host key format
DEBUG: Checking signature format
DEBUG: Verifying host fingerprint
DEBUG: Host accepted by default (no verification)
DEBUG: Verifying signature
DEBUG: Outgoing: Writing NEWKEYS
DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: pktLen:12,padLen:10,remainLen:8
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: IN_PACKETDATAAFTER, packet: NEWKEYS
DEBUG: Outgoing: Writing SERVICE_REQUEST (ssh-userauth)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:28,padLen:10,remainLen:16
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:32
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: SERVICE_ACCEPT
DEBUG: Outgoing: Writing USERAUTH_REQUEST (none)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:60,padLen:14,remainLen:48
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:32
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_FAILURE
DEBUG: Client: none auth failed
DEBUG: Outgoing: Writing USERAUTH_REQUEST (publickey -- check)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:60,padLen:14,remainLen:48
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:32
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_FAILURE
DEBUG: Client: publickey auth failed
node:events:304
      throw er; // Unhandled 'error' event
      ^

Error: All configured authentication methods failed
    ...
Emitted 'error' event on Client instance at:
    at doNextAuth (.../node_modules/ssh2/lib/client.js:415:12)
    at tryNextAuth (.../node_modules/ssh2/lib/client.js:484:5)
    [... lines matching original stack trace ...]
    at Socket.ondata (node:internal/streams/readable:715:22) {
  level: 'client-authentication'
}

And here’s what ssh -vvv root@xxx.xxx.xxx.xxx echo hello shows me:

OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/<me>/.ssh/config
debug1: /Users/<me>/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: /etc/ssh/ssh_config line 52: Applying options for *
debug2: resolve_canonicalize: hostname xxx.xxx.xxx.xxx is address
debug2: ssh_connect_direct
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /Users/<me>/.ssh/id_rsa type 0
debug1: identity file /Users/<me>/.ssh/id_rsa-cert type -1
debug1: identity file /Users/<me>/.ssh/id_dsa type -1
debug1: identity file /Users/<me>/.ssh/id_dsa-cert type -1
debug1: identity file /Users/<me>/.ssh/id_ecdsa type -1
debug1: identity file /Users/<me>/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/<me>/.ssh/id_ed25519 type -1
debug1: identity file /Users/<me>/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/<me>/.ssh/id_xmss type -1
debug1: identity file /Users/<me>/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to xxx.xxx.xxx.xxx:22 as 'root'
debug3: hostkeys_foreach: reading file "/Users/<me>/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /Users/<me>/.ssh/known_hosts:231
debug3: load_hostkeys: loaded 1 keys from xxx.xxx.xxx.xxx
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:TfXJgCVPy6XMqj+1lMjKjp0s9xtDxAeSzrKX/0BFwj0
debug3: hostkeys_foreach: reading file "/Users/<me>/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /Users/<me>/.ssh/known_hosts:231
debug3: load_hostkeys: loaded 1 keys from xxx.xxx.xxx.xxx
debug1: Host 'xxx.xxx.xxx.xxx' is known and matches the ECDSA host key.
debug1: Found key in /Users/<me>/.ssh/known_hosts:231
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /Users/<me>/.ssh/id_rsa RSA SHA256:DMI9zKrH0iUZIxI0c1Wy6Hgv9i025lAZJ5L0+Xmhf4M
debug1: Will attempt key: /Users/<me>/.ssh/id_dsa 
debug1: Will attempt key: /Users/<me>/.ssh/id_ecdsa 
debug1: Will attempt key: /Users/<me>/.ssh/id_ed25519 
debug1: Will attempt key: /Users/<me>/.ssh/id_xmss 
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/<me>/.ssh/id_rsa RSA SHA256:DMI9zKrH0iUZIxI0c1Wy6Hgv9i025lAZJ5L0+Xmhf4M
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /Users/<me>/.ssh/id_rsa RSA SHA256:DMI9zKrH0iUZIxI0c1Wy6Hgv9i025lAZJ5L0+Xmhf4M
debug3: sign_and_send_pubkey: RSA SHA256:DMI9zKrH0iUZIxI0c1Wy6Hgv9i025lAZJ5L0+Xmhf4M
debug3: sign_and_send_pubkey: signing using rsa-sha2-512
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to xxx.xxx.xxx.xxx ([xxx.xxx.xxx.xxx]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x20
debug2: client_session2_setup: id 0
debug1: Sending environment.
debug3: Ignored env LESS_TERMCAP_mb
debug3: Ignored env TERM_PROGRAM
debug3: Ignored env LESS_TERMCAP_md
debug3: Ignored env LESS_TERMCAP_me
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env CLICOLOR
debug3: Ignored env HISTSIZE
debug3: Ignored env TMPDIR
debug3: Ignored env Apple_PubSub_Socket_Render
debug3: Ignored env TERM_PROGRAM_VERSION
debug3: Ignored env OLDPWD
debug3: Ignored env LESS_TERMCAP_ue
debug3: Ignored env HISTFILESIZE
debug3: Ignored env USER
debug3: Ignored env COMMAND_MODE
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env __CF_USER_TEXT_ENCODING
debug3: Ignored env LSCOLORS
debug3: Ignored env LESS_TERMCAP_us
debug3: Ignored env PATH
debug3: Ignored env PWD
debug3: Ignored env __PS1__
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env XPC_FLAGS
debug3: Ignored env HISTIGNORE
debug3: Ignored env HISTCONTROL
debug3: Ignored env XPC_SERVICE_NAME
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env __UPDIR__
debug3: Ignored env LOGNAME
debug3: Ignored env LESS_TERMCAP_so
debug3: Ignored env PROMPT_COMMAND
debug3: Ignored env DISPLAY
debug3: Ignored env PROMPT_INDEX
debug3: Ignored env SECURITYSESSIONID
debug3: Ignored env LESS_TERMCAP_se
debug3: Ignored env COLORTERM
debug3: Ignored env _
debug1: Sending command: echo hello
debug2: channel 0: request exec confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: chan_shutdown_read (i0 o0 sock -1 wfd 4 efd 6 [write])
debug2: channel 0: input open -> closed
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
hello
debug3: channel 0: will not send data after close
debug2: channel 0: obuf empty
debug2: channel 0: chan_shutdown_write (i3 o1 sock -1 wfd 5 efd 6 [write])
debug2: channel 0: output drain -> closed
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 e[write]/0 fd -1/-1/6 sock -1 cc -1)

debug3: send packet: type 1
debug3: fd 1 is not O_NONBLOCK
Transferred: sent 2760, received 3000 bytes, in 1.0 seconds
Bytes per second: sent 2652.6, received 2883.3
debug1: Exit status 0

Is there another argument in connect() that I need to include?

About this issue

Original URL
State: closed
Created 3 years ago
Reactions: 14
Comments: 59 (11 by maintainers)

Commits related to this issue

google cloud driver - wip - temporarily switch ssh2 version due to https://github.com/mscdex/ssh2/issues/989 — committed to livecycle/preevy by deleted user a year ago
Google Cloud (GCP/GCE) driver (#54) * google cloud driver - wip - temporarily switch ssh2 version due to https://github.com/mscdex/ssh2/issues/989 * some fixes * more fixes - rsync permis... — committed to livecycle/preevy by deleted user a year ago
lib: add server-sig-algs support Fixes: https://github.com/mscdex/ssh2/issues/989 — committed to dhensby/ssh2 by mscdex a year ago

Most upvoted comments

The following steps worked for me on ubuntu server 22.04 LTS

Open file “/etc/ssh/sshd_config”

Add the line below PubkeyAcceptedKeyTypes=+ssh-rsa

Restart the service sshd sudo systemctl restart sshd.service

try again and hope it will work

+67

shobekhan on May 4, 2022

IMO OpenSSH is the industry standard, and if it violates the spec (unfortunately) any library aiming to be the primary SSH implementation for a given platform has to either follow suit, or provide a “quirks mode” flag that would enable OpenSSH compatible behaviour.

Spec compat is cool, but real use comes first.

Eugeny on May 24, 2022

From what I can understand of this issue, openSSH has deprecated support for ssh-rsa because it uses sha1 for transport and the cost to compromise are now within the realms of possibility. Therefore, adding back ssh-rsa support to sshd_config is likely not a great idea.

However, apparently rsa-sh2-256 uses the same keys (but sha2 for transport) and can therefore be used with existing rsa keys i.e. no need to regenerate new keys. This makes me wonder if you could get around the issue by simply removing ssh-rsa as one of the supported algorithms in the client configuration. This should force the use of rsa-sha2-256 and as current versions of openSSH support this by default, there should be no need to modify sshd configurations (unless your running an old version of openssh of course).

I guess this moduel should remove ssh-rsa support - or at least mark it as deprecated and not have it enabled by default.

BTW for those who did add ssh-rsa to their sshd config and it didn’t work, be aware that some Linux distributions (noteably those derived from RedHat) have an additional crypto policy enforcement service. This means that making changes to your sshd_config file will have no effect if the changes you make are attempting to alter the crypto policy on the server and you do not also update the configuration of the policy.

theophilusx on Jun 25, 2022

I’m having the same issue.

This will happen when trying to connect to any server with a recent version of openssh (with default settings) and so it will become more and more urgent as it’s not just a fedora deprecation but an openssh one.

Arch Linux is also shipping this version of openssh.

mtorromeo on Nov 18, 2021

I’m in a weird situation here. Editing /etc/ssh/sshd_config is not an option for me, as well as changing keys to ed25519.

Logging in to the servers works fine for me through command line ssh (or putty). But ssh2 on nodejs fails. I kinda understand the reasoning behind this behavior, but we really need to have a wordaround on ssh2 side, not on server side.

subtletech on May 24, 2022

I had some time to take a crack at this and decided to mostly go with how the OpenSSH client does things, with the exception being that the sha1-based RSA offer will be sent if the server does not send a server-sig-algs extension, for greater backwards compatibility.

For ssh2 servers, ctx.key.algo will always be 'ssh-rsa' for RSA keys and a ctx.hashAlgo will now be available to make things a bit easier. Technically this would be a breaking change, but the only situation I can think of where this would be a problem would be clients sending sha2-based RSA offers (perhaps via trial and error) and implementors checking that ctx.key.algo against those sha2-based RSA signature names. Seeing as most SSH clients either only send 'ssh-rsa' or at least support server-sig-algs, I don’t think this should be a problem, so the proposed changes won’t need to land in a new major version.

If anyone wants to give it a try, feel free to checkout the ext_info branch and let me know how it works for you.

mscdex on Apr 14, 2023

@mscdex If I understand correctly - while we cannot get a list of PubkeyAcceptedAlgorithms, we could:

use the best algorithm possible (now it uses the worst possible, oppositely to what OpenSSH does: https://github.com/mscdex/ssh2/issues/989#issuecomment-875126682)
and allow the user to explicitly choose the preferred algorithm

So we’d need a configuration option similar to kex or cipher, but related to private key area, right?

Dzieni on Dec 8, 2021

@DanielBlancoMS No ETA. Besides, I heartily suggest people use ed25519 keys where possible, for reasons beyond this particular issue.

mscdex on Nov 8, 2022

I’m having this problem in Ubuntu 22.04 (at both ends of the connection) and it would be great to have a fix! EDIT… or… using ssh keys based on ed25519 rather than rsa (i.e. generate with ssh-keygen -t ed25519) makes ssh2 work fine with Ubuntu 22.04… so I’m good to go again!

drmrbrewer on Sep 20, 2022

I guess this in relation to this: https://www.reddit.com/r/linuxquestions/comments/qgmnnh/ssh_key_no_mutual_signature_algorithm/ https://levelup.gitconnected.com/demystifying-ssh-rsa-in-openssh-deprecation-notice-22feb1b52acd

Meaning right now I’ll have to tell affected users (using Arch) to use an ed25519 key or explicitly enable “PubkeyAcceptedKeyTypes=+ssh-rsa” in their .ssh/config file.

axkibe on Mar 7, 2022

Hello, any updates regarding this issue? Is there an ETA for the fix?

Is there any information you can share to us?

Best Regards

DanielBlancoMS on Nov 8, 2022

I get the error message “wrong signature type : ssh-rsa expected : rsa-sha2-512” when I try to connect server using module ssh2. I try to fix it by updating the version of libssh on server from 0.7.6 to 0.9.6. It works!

Yos6969 on Jul 16, 2022

Same Issue. Cannot connect from ssh2 module, but works with ssh command line Adding this: PubkeyAcceptedKeyTypes=+ssh-rsa to /etc/ssh/sshd_config works around the problem, but, will be available any fix to ssh2 npm module?

voxsoftware on Jun 25, 2022

Thanks the commit https://github.com/mscdex/ssh2/pull/1200

fixed.

alanhg on Jul 30, 2022

I guess this in relation to this: https://www.reddit.com/r/linuxquestions/comments/qgmnnh/ssh_key_no_mutual_signature_algorithm/ https://levelup.gitconnected.com/demystifying-ssh-rsa-in-openssh-deprecation-notice-22feb1b52acd

Meaning right now I’ll have to tell affected users (using Arch) to use an ed25519 key or explicitly enable “PubkeyAcceptedKeyTypes=+ssh-rsa” in their .ssh/config file.

I our case, adding PubkeyAcceptedAlgorithms=+ssh-rsa did the trick.

jmichiel on Apr 21, 2022

No I believe it’s that this library is “labeling” my key as ssh-rsa whereas the open ssh client is “labeling” it as rsa-sha2-512.

Since fedora deprecated ssh-rsa I can’t use this library to connect even though I can connect with the openssh client (that labels the same key differently).

Does that make sense?

eatonphil on Jul 6, 2021