Can't create custom NixOS AMIs with RSA key pairs

I want to create Jenkins agents with NixOS, and the idea is to create the AMIs with NixOS through Packer.

The problem is that the default NixOS AMI does not seem to allow the use of RSA key pairs, or at least I need to set the key pair type to ED25519 so that Packer can access the new instance and run all the setup scripts. Here is the error:

$ packer build build_and_test_image.json
amazon-ebs: output will be in this color.

==> amazon-ebs: Prevalidating any provided VPC information
==> amazon-ebs: Prevalidating AMI Name: jenkins_agent_nixos2_20220330
    amazon-ebs: Found Image ID: ami-099756bfda4540da0
==> amazon-ebs: Creating temporary keypair: packer_624475f8-70b7-4293-7cae-b5dcb86ddd41
==> amazon-ebs: Creating temporary security group for this instance: packer_624475fb-471a-1669-e302-99c529f25208
==> amazon-ebs: Authorizing access to port 22 from [0.0.0.0/0] in the temporary security groups...
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Adding tags to source instance
    amazon-ebs: Adding tag: "Name": "Packer Builder"
    amazon-ebs: Instance ID: i-0f10c4f295c7c277e
==> amazon-ebs: Waiting for instance (i-0f10c4f295c7c277e) to become ready...
==> amazon-ebs: Using SSH communicator to connect: 3.222.207.142
==> amazon-ebs: Waiting for SSH to become available...
==> amazon-ebs: Error waiting for SSH: Packer experienced an authentication error when trying to connect via SSH. This can happen if your username/password are wrong. You may want to double-check your credentials as part of your debugging process. original error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
==> amazon-ebs: Terminating the source AWS instance...
==> amazon-ebs: Cleaning up any extra volumes...
==> amazon-ebs: No volumes to clean up, skipping
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored after 2 minutes 45 seconds: Packer experienced an authentication error when trying to connect via SSH. This can happen if your username/password are wrong. You may want to double-check your credentials as part of your debugging process. original error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

==> Wait completed after 2 minutes 45 seconds

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Packer experienced an authentication error when trying to connect via SSH. This can happen if your username/password are wrong. You may want to double-check your credentials as part of your debugging process. original error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

==> Builds finished but no artifacts were created.

Are these AMIs not allowing RSA keys by default?

Something else to add: I have deployed the AMI into instances two times, the first one running with the RSA keys and the other with the ED25519 key.

> ssh -i TEMP-rsa.pem root@ec2-3-234-229-156.compute-1.amazonaws.com
root@ec2-3-234-229-156.compute-1.amazonaws.com: Permission denied (publickey,keyboard-interactive).
> ssh -i jenkins-test.pem root@ec2-34-206-64-4.compute-1.amazonaws.com
The authenticity of host 'ec2-34-206-64-4.compute-1.amazonaws.com (34.206.64.4)' can't be established.
ED25519 key fingerprint is SHA256:VMAeqMEzrgkSx8zqAS+qbG1OtGsDkb76FUy4rMszRWY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ec2-34-206-64-4.compute-1.amazonaws.com' (ED25519) to the list of known hosts.

[root@ip-10-1-0-140:~]#

I’ve found what happened and how to fix it.

I found this in the sshd logs:

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms

Looking on the net, I found this thread, which gave the solution: add the following to the services.openssh.extraConfig section:

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa

With this, I got it to work.
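Added example, not part of the original post: a small Python diagnostic that pairs the sshd log message quoted above with the server's effective `PubkeyAcceptedAlgorithms` list (as printed by `sshd -T`) to show which signature algorithm was refused and whether RSA keys are still usable with `rsa-sha2-*` signatures. The log lines, the `sshd -T` line and the function names are constructed for illustration.

```python
import re

# Constructed sample input (not from the original post): sshd journal lines and
# the relevant line of `sshd -T` output on a host that leaves ssh-rsa disabled.
SAMPLE_LOG = """\
Mar 30 15:21:07 host sshd[1432]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Mar 30 15:21:09 host sshd[1432]: Connection closed by authenticating user root 203.0.113.10 port 51234 [preauth]
Mar 30 15:24:40 host sshd[1467]: Accepted publickey for root from 203.0.113.10 port 51301 ssh2: ED25519 SHA256:CONSTRUCTED
"""
SAMPLE_SSHD_T = "pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256\n"

REJECT_RE = re.compile(r"userauth_pubkey: key type (\S+) not in PubkeyAcceptedAlgorithms")

def rejected_key_types(log_text):
    """Return {algorithm: count} for public-key attempts sshd refused by policy."""
    counts = {}
    for m in REJECT_RE.finditer(log_text):
        counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

def accepted_algorithms(sshd_t_text):
    """Extract the effective PubkeyAcceptedAlgorithms list from `sshd -T` output."""
    for line in sshd_t_text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "pubkeyacceptedalgorithms":
            return [a for a in value.strip().split(",") if a]
    return []

def diagnose(log_text, sshd_t_text):
    """Explain each rejected algorithm against the server's effective policy."""
    accepted = accepted_algorithms(sshd_t_text)
    findings = []
    for alg, count in sorted(rejected_key_types(log_text).items()):
        if alg in accepted:
            note = "now accepted by the effective config"
        elif alg == "ssh-rsa" and any(a.startswith("rsa-sha2-") for a in accepted):
            note = "RSA keys still work with rsa-sha2-* signatures; client asked for ssh-rsa (SHA-1)"
        else:
            note = "algorithm disabled on the server"
        findings.append((alg, count, note))
    return findings

if __name__ == "__main__":
    for alg, count, note in diagnose(SAMPLE_LOG, SAMPLE_SSHD_T):
        print(f"{alg}: {count} rejected attempt(s); {note}")
```

On a real host, feed it the sshd journal and the output of `sshd -T` run as root, before and after changing `services.openssh.extraConfig`.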