Solved! ssh-rsa algorithm for public key authentication (using SHA1 hash) has been deprecated (https://levelup.gitconnected.com/demystifying-ssh-rsa-in-openssh-deprecation...) and is excluded from the general crypto policies of Leap_15.6 (/usr/share/crypto-policies/DEFAULT/openssh.txt). The clue using ssh -vv were the lines: debug1: send_pubkey_test: no mutual signature algorithm debug2: we did not send a packet, disable method The fix was to add: HostKeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms=+ssh-rsa to the user configuration (~/.ssh/config) related to particular host servers and remove them for all other host servers with: # Disable SSH forwarding on all other machines # remove public key algorithm ssh-rsa since it is deprecated Host * ForwardAgent no HostKeyAlgorithms -ssh-rsa PubkeyAcceptedAlgorithms= -ssh-rsa