SSH Client Key Signing error in Vault 1.5.0

When configuring SSH Client Key Singing with Vault version 1.5.0, it was not functioning.
Got the following error in the sshd side
userauth_pubkey: key type ssh-rsa-cert-v01@openssh.com not in PubkeyAcceptedKeyTypes [preauth]

I use similar method in 1.4.3 which does not give me any issue.

Anyone experience the same?

Thanks.

Some update.

When testing the ssh client key signing locally (where vault server running), it works as per expectation.

What is blocking it when access from different host?

More update.

Tested with Centos8 and everything works as expected.
For some reason, RHEL8 was not preferred.
RHEL8 does comes with OpenSSH_7.8p1, OpenSSL 1.1.1 FIPS 11 Sep 2018 while Centos8 comes with OpenSSH_8.0p1, OpenSSL 1.1.1c FIPS 28 May 2019

However, after upgrading the OpenSSH s/w version to 8.0p1, SSH client key signing still not working in RHEL8.

Which algo are you using?
Check this out, I think was changed recently… Does RHEL > 8 support ssh-rsa?

@mikegreen, thanks for the hint.
got it workaround with
CASignatureAlgorithms ssh-rsa
in sshd_config