First note: Everything works fine, but the below message is displayed. Alternative title for this thread: Spurious error messages for $200, Alex.

$ # I have an agent setup to do passwordless connection and have SSH_AUTH_SOCK set appropriately...
$ ssh someHost
agent key RSA SHA256:jp......................................... returned incorrect signature type

After which it connects to the remote host and everything is fine.

What (if anything) does this message mean?

--
The randomly chosen signature file that would have appeared here is more than 4 lines long. As such, it violates one or more Usenet RFCs. In order to remain in compliance with said RFCs, the actual sig can be found at the following URL:
http://user.xmission.com/~gazelle/Sigs/DanQuayle

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-10-18, Kenny McCormack <[email protected]> wrote:

$ # I have an agent setup to do passwordless connection and have SSH_AUTH_SOCK set appropriately...
$ ssh someHost
agent key RSA SHA256:jp......................................... returned incorrect signature type

After which it connects to the remote host and everything is fine.

I would use "ssh -vvv" to see exactly which signature algorithms
are offered and used.

What (if anything) does this message mean?

My best guess--shakily supported by my reading but only partial
understanding of the relevant OpenSSH code--is that server and
client want to use an rsa-sha2-512 or rsa-sha2-256 signature, but
the agent can't handle those algorithms, and all parties fall back
to using ssh-rsa.

That in turn would imply that the agent is out of sync with the
client: A forwarding chain starting from a host with a truly ancient
ssh-agent? A poor replacement for ssh-agent, maybe gpg-agent? Some
PKCS#11 token?

--
Christian "naddy" Weisgerber [email protected]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)