On 9/20/20 10:11 AM, Pavel Raiskup wrote:
I'm curious about the effects of the change. It claims that RSA 2048 >= should
stay accepted by DEFAULT, and from what I can tell the host server key seems to
be RSA 2048 (at least that's what is generated by default on Debian 9):
$ ssh-keygen -l -f ssh_host_rsa_key.pub
2048 SHA256:<...> root@debian-9-host (RSA)
Sure, but the PubkeyAcceptedKeyTypes doesn't influence acceptable server
host keys (and if it did, the client should simply use another one of
the server's keys). PubkeyAcceptedKeyTypes influences what key types
the client will try to use for authentication.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
