HELP: shh keys do not work on two routers, but do on third.

[jbspillman]

Got some older ASUS routers here, upgraded to Merlin firmware. This used to work for me, not sure what has changed but now I can't login to the older models with ssh keys. I can still login manually though.
I have rebooted them, re-did the keys that work on the RT-AC68U and applied them to the RT-AC66U's.. Strange issue for me. I guess I could use sshpass, but I'd rather just use keys.

bash_prompt:  ssh username@1.1.1.1
ASUSWRT-Merlin RT-AC68U 386.7_2 Sun Jul 24 21:37:07 UTC 2022
username@rt-ac66u-b1:/tmp/home/root# exit
Connection to 1.1.1.1 closed.

bash_prompt:  ssh username@1.1.1.2
username@1.1.1.2's password:
ASUSWRT-Merlin RT-AC66U 380.70-0 Sun Apr  8 18:04:34 UTC 2018
username@rt-ac66u-1:/tmp/home/root# exit
Connection to 1.1.1.2 closed.

bash_prompt:  ssh username@1.1.1.3
username@1.1.1.3's password:
ASUSWRT-Merlin RT-AC66U 380.70-0 Sun Apr  8 18:04:34 UTC 2018
username@rt-ac66u-2:/tmp/home/root# exit
Connection to 1.1.1.3 closed.

 

[dave14305]

What type of key did you generate? RSA, ed25519, etc.?

Obviously the ancient routers didn’t change, but maybe your SSH client on your other machine did, and a newer version deprecated some cipher or similar gotcha.

Use ssh -vv to get more verbose output. Compare the working and non-working output.

 

[jbspillman]

I see something different..

this is where it is failing on older router..

debug1: send_pubkey_test: no mutual signature algorithm

 

[jbspillman]

The keys were RSA and generated via ssh-keygen -t rsa -b 4096

SOLUTION: I generated a key at probably a weaker strength but now it is accepted on all three routers.
ssh-keygen -t ecdsa