Rocky Linux 9 sshd: userauth_pubkey: key type sk-ssh-ed25519@openssh.com not in PubkeyAcceptedAlgorithms [preauth]

Hello,

I encountered a strange problem recently - I cannot use my HW FIDO key to authenticate to a fresh installation of an RL9 machine - only RSA and password are working. Public keys are copied to ~/.ssh/authorized_keys, I added ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com to /etc/crypto-policies/back-ends/opensshserver.config and ran update-crypto-policies + restart but no effect so far. I've even manually added the option PubkeyAcceptedAlgorithms +sk-ssh-ed25519@openssh.com to sshd_config but also without success; ssh -Q pubkeyacceptedkeytypes still doesn't show sk-ssh-ed25519@openssh.com. I do not have that problem on my other (older) installation of RL9 and other similar RPM distros (Alma, Fedora). Tried the original package from 'System/baseos' and the hardened one from 'security-common' - guess I'm missing some point - what do you think about it? Any help or hint would be appreciated. Thx in advance

Check if you have FIPS mode enabled: fips-mode-setup --check. If it is enabled, you may want to disable it and check again: fips-mode-setup --disable. Note, this is 2 dashes and then check. It does not display correctly here.

The FIPS check randallb suggested is a good first step. But even without FIPS enabled, Rocky 9’s default crypto policy (DEFAULT) does not include the sk-ssh-ed25519 key type in the accepted algorithms for the SSH server.

The issue is that edits made directly to /etc/crypto-policies/back-ends/opensshserver.config get overwritten whenever the crypto policies are regenerated. The correct way to persist this is with a policy submodule.

Create a custom submodule that allows security key types:

cat > /etc/crypto-policies/policies/modules/SSHFIDO.pmod << 'EOF'
ssh_etm = AEAD
ssh@OpenSSH = ECDSA-SK+ ED25519-SK+
EOF

Then apply it on top of the DEFAULT policy:

update-crypto-policies --set DEFAULT:SSHFIDO

This adds the sk-ssh-ed25519 and sk-ecdsa-sha2-nistp256 key types to the allowed algorithms without weakening the rest of the crypto policy.

After applying, restart sshd:

systemctl restart sshd

Verify the allowed key types with:

sshd -T | grep pubkeyacceptedalgorithms

You should see sk-ssh-ed25519@openssh.com in the output. This approach survives system updates because the submodule is applied at the policy level rather than directly editing backend config files.
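An added check (example code written for this reply, not part of the thread) that makes the verification step above stricter than eyeballing grep output: it matches the key type as a whole comma-separated token on the PubkeyAcceptedAlgorithms line only, so "ssh-ed25519" does not pass as "sk-ssh-ed25519@openssh.com" and a hit on the HostKeyAlgorithms line does not mislead, and it checks the FIPS flag first, as randallb suggested. The sample sshd -T dump is constructed, not captured from a real host.

```shell
#!/bin/sh
# Constructed sample of "sshd -T" output (not from a real host): the sk key
# type appears under hostkeyalgorithms but NOT under pubkeyacceptedalgorithms,
# which is exactly the case a plain "sshd -T | grep sk-ssh" would misreport.
SAMPLE_DUMP='port 22
pubkeyacceptedalgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512
hostkeyalgorithms ssh-ed25519,sk-ssh-ed25519@openssh.com'

# Read sshd -T style text on stdin; return 0 only if $1 is listed as a whole
# token in PubkeyAcceptedAlgorithms (keyword is case-insensitive in sshd_config).
pubkey_alg_allowed() {
    want="$1"
    grep -i '^pubkeyacceptedalgorithms[[:space:]]' |
    awk -v want="$want" '
        { n = split($2, algs, ","); for (i = 1; i <= n; i++) if (algs[i] == want) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Explain why an sk-* key type may be rejected. Arguments: key type, dump text,
# optional FIPS flag (defaults to /proc/sys/crypto/fips_enabled, or 0 if absent).
# Returns 0 = accepted, 1 = missing from the policy, 2 = FIPS mode is on.
diagnose_sk_key() {
    alg="$1"; dump="$2"
    fips="${3:-$(cat /proc/sys/crypto/fips_enabled 2>/dev/null || echo 0)}"
    if [ "$fips" = "1" ]; then
        echo "FIPS mode is enabled (see fips-mode-setup --check); $alg is not offered under the FIPS policy"
        return 2
    fi
    if printf '%s\n' "$dump" | pubkey_alg_allowed "$alg"; then
        echo "$alg is in PubkeyAcceptedAlgorithms"
        return 0
    fi
    echo "$alg is absent from PubkeyAcceptedAlgorithms; check update-crypto-policies --show"
    return 1
}

# Stand-alone usage against the live daemon: sshd -T | pubkey_alg_allowed sk-ssh-ed25519@openssh.com
diagnose_sk_key sk-ssh-ed25519@openssh.com "$SAMPLE_DUMP" 0
```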

Hello again and many thx for your help!
I was digging more into the subject and it seems like enforcing FIPS at the kernel cmdline level was the issue then (something must have passed my eyes during installation).

It also looks like sk-ssh-ed25519@openssh.com is present in the DEFAULT policy since 2025-10-31 (or maybe it was introduced with the SIG repo overwrite update for SSH - didn't have time for verification, sorry):
ls -la /usr/share/crypto-policies/DEFAULT/
total 60
drwxr-xr-x. 2 root root 4096 May 13 11:30 .
drwxr-xr-x. 9 root root 152 May 10 21:05 ..
-rw-r--r--. 2 root root 124 Oct 31 2025 bind.txt
-rw-r--r--. 2 root root 3075 Oct 31 2025 gnutls.txt
-rw-r--r--. 2 root root 153 Oct 31 2025 javasystem.txt
-rw-r--r--. 2 root root 1552 Oct 31 2025 java.txt
-rw-r--r--. 2 root root 137 Oct 31 2025 krb5.txt
-rw-r--r--. 2 root root 565 Oct 31 2025 libreswan.txt
-rw-r--r--. 2 root root 1165 Oct 31 2025 libssh.txt
-rw-r--r--. 2 root root 409 Oct 31 2025 nss.txt
-rw-r--r--. 2 root root 1804 Oct 31 2025 opensshserver.txt
-rw-r--r--. 2 root root 1322 Oct 31 2025 openssh.txt
-rw-r--r--. 2 root root 738 Oct 31 2025 opensslcnf.txt
-rw-r--r--. 2 root root 49 Oct 31 2025 openssl_fips.txt
-rw-r--r--. 2 root root 151 Oct 31 2025 openssl.txt
-rw-r--r--. 2 root root 1953 Oct 31 2025 rpm-sequoia.txt

cat /usr/share/crypto-policies/DEFAULT/opensshserver.txt
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 2048