We Keep Coding

Sign_and_send_pubkey: no mutual signature supported

I tried to connect to ssh server in M1 macOS terminal like this
ssh -i {myKeyFilePath/myKeyFile.pem} user#host
but it returns
sign_and_send_pubkey: no mutual signature supported
user#host: Permission denied (publickey).
I didn't modify any ssh settings, and the file permissions of {myKeyFile.pem} is 400.
Also I can connect ssh server well by IntelliJ remote hosts,
but when I tried this in terminal, it goes wrong.

When I updated my Mac system, all the ssh server can't ssh with the private key, you can add the 3 lines below in the beginning of your /etc/.ssh/config.
But the best solution is create a new private key and upload the public key to each server one by one, because when you got this error, means your private key is deprecated to use.
# vim ~/.ssh/config, add the lines at the beginning
Host *
PubkeyAcceptedKeyTypes=+ssh-rsa
HostKeyAlgorithms=+ssh-rsa

Most likely your SSH client is using ssh-rsa (RSA+SHA1) and your server has that signature algorithm disabled. SHA-1 is vulnerable and OpenSSH disabled that signature algorithm in version 8.8 (2021-09-26).
The replacement for ssh-rsa is rsa-sha2-256 and rsa-sha2-512.
Try this command:
ssh -o PubkeyAcceptedKeyTypes=rsa-sha2-256 -i {myKeyFilePath/myKeyFile.pem} user#host
If that command fails with an error regarding an unsupported key exchange, then your SSH client is probably ancient.
Use one of the following solutions:
update the SSH client (usually a good idea)
use a different SSH Key Type such as Ed25519 (recommended)
enable rsa-sha in the SSH server (not recommended)
Edit:
If that works, you can permanently add it to your ~/.ssh/config file, and eliminate it from the command line use. However, there is a valid security reason that rsa-sha1 was disabled. Only do this as a last resort because SHA1 has been broken. Do not enable rsa-sha1 if your servers are audited for security or exposed to the public Internet.
Host *
PubkeyAcceptedKeyTypes +ssh-rsa
Replace * with a specific host or IP address to limit the use of this configuration.

I spent a few hours until I came to this question and answers. Here is a quick try to ssh into the server and then deal with the stuff later:
ssh -o PubkeyAcceptedKeyTypes=ssh-rsa -i {yourfile} user#host
This combines the previous answers by shoaly and John Hanley which contain more details and suggestions worth to follow to.

After the Mac system is upgraded to Ventura 13.1, I encounter the problem that SSH is configured with passwordless login, but the password is still required, my solution is to upgrade and encrypt the server's key to ed25519:
// 1. server: check HostKey in /etc/ssh/sshd_config
...
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
// 2. client: ssh-keygen -t ed25519
ssh-keygen -t ed25519
// 3. client: vim ~/.ssh/ssh_config
Host *
IdentityFile ~/.ssh/id_ed25519
// 4. client: ssh-copy-id
ssh-copy-id -i ~/.ssh/id_ed25519.pub
// 5. test ssh using identity file
ssh -v username#hostname
more about see man sshd_config, search keywords HostKey and HostKeyAlgorithms
HostKey
Specifies a file containing a private host key used by SSH. The defaults are /etc/ssh/ssh_host_ecdsa_key,
/etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key.
Note that sshd(8) will refuse to use a file if it is group/world-accessible and that the HostKeyAlgorithms
option restricts which of the keys are actually used by sshd(8).
HostKeyAlgorithms
Specifies the host key signature algorithms that the server offers.

GitLab SSH authentication succeeds, then connection closes

I have added an ecdsa-sha2-nistp256 SSH public key to my user account on a self-hosted GitLab instance. The same public key is used without issue on other services like GitHub.
When I try to clone any repo over SSH (git clone git#gitlab.local:user/project.git), including my own repos I am absolutely an owner of, I can see that the server accepts the public key:
debug1: Offering public key: ecdsa-sha2-nistp256 ECDSA SHA256:LL8b...Onco agent
debug1: Server accepts key: ecdsa-sha2-nistp256 ECDSA SHA256:LL8b...Onco agent
But the connection is immediately terminated and the clone aborted.
I've confirmed that ECDSA keys are enabled on the server, and that I'm connecting to the right server. Removing the public key from my profile results in a different error, so I know that (a) the server's authorized_keys setup is working, and (b) there isn't another user without repo privileges that I'm getting logged in as.

The issue seemed to be that /etc/pam.d/sshd had been modified in a way that prevented authentication.
We added the following to the top of the file:
# local user 'git' needs to be allowed
account sufficient pam_localuser.so

If the GitLab logs don't show any additional clue, I would start the ssh daemon on the server in debug mode: sshd -d
That will trigger a one-time interactive session, where you can see if your client SSH query:
arrives to the server
triggers any error message.

Can't authenticate via ssh key on new GitLab container

I've recently set up a new GitLab docker container, and though everything else has been working great I can't authenticate to it via ssh.
I followed the instructions here to the letter, with no succes.
Whatever key type I generate, and regardless of the client (Linux, Windows git-bash), The server instantly rejects the publickey and does not prompt for a password.
Debug shows the following:
debug1: Offering public key: /c/Users/[user]/.ssh/id_ed25519 ED25519 SHA256:[SHA-256]
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
Maybe it's something obvious, but I can't quite figure it out and no troubleshooting step managed to help.
As a side note, the ssh port is non standard, though I am accesing via the new port. I've also double checked ssh is enabled on both the server and the clients.
Any help would be greatly appreciated.
Thanks!

Check first if this is similar to gitlab-org/gitlab-foss issue 18371 "docker omnibus gitlab denying ssh public key"
In my case the problem was mismatch between ssh socket that docker container was exposing and my server's one.
It helped to expose it on different port like 10022 and reconfiguring gitlab like this:
gitlab_rails['gitlab_shell_ssh_port'] = 10022
Ideally, you would need to stop, restart the ssh daemon (server side, container side as seen in this thread) with
usr/sbin/sshd -d
That would allow you to check:
if the SSH request is received at all
if it is blocked for any reason

SSH via HTTP proxy with password on Windows with mingw64

I use Portable Git x64 on Windows. I run everything thought Git Bash. I need to ssh to a server which is reachable only via HTTP proxy. Authentication for server is via pubkey, authentication for proxy is via password, usernames are different. My ~/.ssh/config:
Host server
Hostname server_hostname
User server_username
IdentityFile ~/.ssh/id_rsa
ProxyCommand /c/PortableGit/mingw64/bin/connect.exe -H proxy_username#proxy_ip:12345 %h %p
The problem starts when ssh tries to pop-up the window where you need to enter a password for the HTTP proxy, log from ssh -vvv server:
$ ssh -vvv server
OpenSSH_7.9p1, OpenSSL 1.1.1a 20 Nov 2018
debug1: Reading configuration data /c/Users/username/.ssh/config
debug1: /c/Users/username/.ssh/config line 1: Applying options for server
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Executing proxy command: exec /c/PortableGit/mingw64/bin/connect.exe -H proxy_username#proxy_ip:12345 server_hostname 22
debug1: identity file /c/Users/username/.ssh/id_rsa type 0
debug1: identity file /c/Users/username/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
'C:\PortableGit\mingw64\libexec\git-core\git-gui--askpass' is not recognized as an internal or external command,
operable program or batch file.
FATAL: Cannot decide password for proxy authentication.ssh_exchange_identification: Connection closed by remote host
git-gui--askpass is there, but for some reason it's not picked up by ssh. Running file 'C:\PortableGit\mingw64\libexec\git-core\git-gui--askpass' gives:
$ file 'C:\PortableGit\mingw64\libexec\git-core\git-gui--askpass'
C:\PortableGit\mingw64\libexec\git-core\git-gui--askpass: POSIX shell script, ASCII text executable
Content of the git-gui--askpass is identical to https://github.com/git/git/blob/3bab5d56259722843359702bc27111475437ad2a/git-gui/git-gui--askpass
I tried to run this script via command line, it works fine:
Also, I tried to specify another program as SSH_ASKPASS=/mingw64/libexec/git-core/git-askpass.exe (which I assume a stupid thing to do). This does not work either:
...
fatal: failed to acquire credentials.
I tried to supply a password in ~/.ssh/config as:
ProxyCommand /c/PortableGit/mingw64/bin/connect.exe -H proxy_username:proxy_password#proxy_ip:12345 %h %p
^^^^^^^^^^^^^^^
but this is ignored by ssh.
Besides, I tried to connect via MobaXterm and this works completely fine -- I've been asked for a proxy password and after entering it I am connected. Also, after connecting in MobaXterm I can connect in command line since the proxy does not ask for a password for some time. But for a different reason I cannot use MobaXterm.
Any ideas on how to make it work?

Utility connect.exe works with HTTP_PROXY_USER and HTTP_PROXY_PASSWORD environment variables. Solution found in source code

Try keeping your password in your ~/.ssh/config file and add
unset SSH_ASKPASS
To your .bashprofile

SSH access without mentioning user of remote server

I have an Ubuntu server with two users: user1 and user2. I have generated a SSH key locally and copied the public part to both users' authorized_keys file. I am able to login as both users:
srimanth#local:~$ ssh user1#server
Welcome to Ubuntu 14.04.2 LTS (GNU/Linux 3.16.0-31-generic x86_64)
...
Last login: Fri Mar 20 04:11:08 2015 from A.B.C.D
user1#server:~$
srimanth#local:~$ ssh user2#server
Welcome to Ubuntu 14.04.2 LTS (GNU/Linux 3.16.0-31-generic x86_64)
...
Last login: Thu Mar 19 22:45:26 2015 from A.B.C.D
user2#server:~$
But, if I don't mention the username authentication fails:
srimanth#local:~$ ssh -v server
...
debug1: Connection established.
debug1: identity file /home/srimanth/.ssh/id_rsa type -1
...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: srimanth#local
debug1: Trying private key: /home/srimanth/.ssh/id_rsa
...
debug1: No more authentication methods to try.
Permission denied (publickey).
Please help me how do I solve this issue.

SSH is trying to login with srimanth username and since it doesn't exist on remote machine it fails. You must provide a remote valid username, or you will not be able to log into the remote machine.
As you had generated key and added it to authorized_keys file for both users, when you login with any of them, ssh is able to authenticate you using your private key.
If you don't want to specify username on the login, you have two options (it will still use the username to login but you can avoid specifying it on the command):
Add srimanth user to the remote server and add the public key to its authorized_keys file, so that from your machine when you are logged in as srimanth, and try to SSH, it uses the same username and lets you login to the remote machine.
Add an entry to your SSH config to use specific username when you are connecting to a particular host:
Host dev
HostName SERVER
Port 22
User DEFAULTUSER

If you don't specify the login username, ssh will try to log into the instance with your current user name: In your case, and by looking at your question, this would be srimanth.
For this to work, srimanth user account must exists first on the server, or a default userlogin for the instance in srimanth user SSH configuration file must be defined as describe in this answer from Learath2 to this question.
See Adding and Deleting Users to create an user account in an Ubuntu server.