On Sun, Sep 20, 2020 19:11:29 +0200, Pavel Raiskup wrote: > After upgrade of one of my servers to F33, I noticed that I can not ssh to > one of my other servers running Debian 9 system (relatively freshly EOLed, > I need to do something about it). On F33 I always need to: > > $ ssh -oPubkeyAcceptedKeyTypes=+ssh-rsa user@debian-9-host > > The changes in Fedora packages led me to: > > https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/b298a9e1 > > Which led me to: > > https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 > > I'm curious about the effects of the change. It claims that RSA 2048 >= should > stay accepted by DEFAULT, and from what I can tell the host server key seems to > be RSA 2048 (at least that's what is generated by default on Debian 9): > > $ ssh-keygen -l -f ssh_host_rsa_key.pub > 2048 SHA256:<...> root@debian-9-host (RSA) > > Can anyone translate to me if this is really expected or a bug? Effect is that > Fedora 33 clients can not ssh to Debian 9 hosts by default (I'm not sure about > the supported Debian 10, and the key quality there). > I just updated to F33, and now I think I get the same issue with BitBucket.org: $ ssh -Tv git@xxxxxxxxxxxxx ... send_pubkey_test: no mutual signature algorithm It works if I use: $ ssh -Tv -oPubkeyAcceptedKeyTypes=+ssh-rsa git@xxxxxxxxxxxxx Github and Gitlab seem to work fine, so this is Bitbucket specific. -- Thanks, Regards, Ankur Sinha "FranciscoD" (He / Him / His) | https://fedoraproject.org/wiki/User:Ankursinha Time zone: Europe/London
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx