aad_certhandler: The public key is of type ssh-rsa, not a certificate.

Problem:

I am currently experiencing difficulty connecting to the Azure VM using AD authentication. I am receiving an error message that states:

~ az ssh  vm -n rac1 -g marirac
OpenSSH_9.0p1, LibreSSL 3.3.6
...: Permission denied (publickey).
The OpenSSH server version in the target VM 7.4 is too old. Version incompatible with OpenSSH client version 9.0. Refer to https://bugzilla.mindrot.org/show_bug.cgi?id=3351 for more information.

When I check /var/log/secure log on the server side, it shows:

Jun  6 16:49:54 rac1 sshd[27249]: Connection closed by ... port 51572 [preauth]
Jun  6 16:54:44 rac1 sshd[31386]: nss_aad: This is an Azure machine
Jun  6 16:54:44 rac1 aad_certhandler[31393]: Version: 1.0.022600002; user: ...
Jun  6 16:54:44 rac1 aad_certhandler[31393]: The public key is of type ssh-rsa, not a certificate.
Jun  6 16:54:44 rac1 sshd[31386]: error: AuthorizedKeysCommand /usr/sbin/aad_certhandler ...
Jun  6 16:54:44 rac1 sshd[31386]: Connection closed by ... port 52092 [preauth]

I have intentionally redacted certain portions of the information for security reasons, although errors are still apparent.

Troubleshooting:

Client and server versions are different:

Server:

[root@rac1 ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017

Client:

 ~ ssh -V
OpenSSH_9.0p1, LibreSSL 3.3.6

Workaround:

Pass the following option to ssh when using az ssh Command:

~ az ssh  vm -n rac1 -g marirac -- -o PubkeyAcceptedKeyTypes=+ssh-rsa-cert-v01@openssh.com