Symptom
SSH session is being rejected with reason: Login Authentication Failed
The following debugs are being generated:
Oct 5 17:35:06.074 CDT: SSH2 0: Starting PKI session for certificate verification
Oct 5 17:35:06.080 CDT: SSH2 0: ssh2_verify_pubkey_sign: Verifying signature for user '{My User ID}' in SSH2_MSG_USERAUTH_REQUEST
Oct 5 17:35:06.080 CDT: SSH2 0: ssh2_blob_to_key: Got blob_public key x509v3-ssh-rsa, blob_key_type 0, publickey_algo_type 0
Oct 5 17:35:06.080 CDT: SSH2 0: Received a chain of 3 certificate
Oct 5 17:35:06.080 CDT: SSH2 0: Received 0 ocsp-response
Oct 5 17:35:06.080 CDT: %SSH-3-BUFF_GET_FAIL: Tried to get more bytes than in SSH Buffer
Oct 5 17:35:06.080 CDT: SSH: Unsupported RSA public key signature tag
Oct 5 17:35:06.080 CDT: SSH2 0: ssh2_verify_pubkey_sign: Client Signature Verification FAILED
Oct 5 17:35:06.080 CDT: SSH2 0: Certificate authentication failed for user '{My User ID}'
Oct 5 17:35:06.080 CDT: SSH0: password authentication failed for {My User ID}
Oct 5 17:35:07.081 CDT: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: {My User ID}] [Source: 10.100.10.10] [localport: 22] [Reason: Login Authentication Failed] at 17:35:07 CDT Mon Oct 5 2020
Conditions
SSH with certificate authentication is configured
IOS-XE was upgraded to 17.3.x
Workaround
Downgrade to IOS-XE 16.12.x
