On Fri, Jan 08, 2021 at 05:03:34AM -0700, Brad Bell wrote: > 1. Does this mean that 38.145.60.17 is the correct host address and I do not > have to worry adding it to ~/.ssh/known_hosts ? > Yes. > 2. If I add the contents of > https://admin.fedoraproject.org/ssh_known_hosts > starting with a new line and at the end of my ~/.ssh/known_hosts and try 'fedpkg push` I get: > > cppad>fedpkg push > check_host_cert: certificate signature algorithm ssh-rsa: signature algorithm not supported > The authenticity of host 'pkgs.fedoraproject.org (38.145.60.17)' can't be established. > RSA key fingerprint is SHA256:Q12OTyTeOHWlS54dTzy2BNu7wB8UKNf18+7WHIDsORc. > Are you sure you want to continue connecting (yes/no/[fingerprint])? > It seems the certificate is signed with ssh-rsa SSH alghoritm which uses SHA-1 underneath and > 3. If I execute `dnf info openssh' I get > > Name : openssh > Version : 8.4p1 > Release : 4.fc33 > which is not supported by openssh-8.4p1 and Fedora 33 system-wide cryptopolicy. I believe Fedora infrastrucure maintainers should create a new certificate with SHA-2 instead of SHA-1. -- Petr
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx
